CVE - CVE-2008-2361

CVE-ID
CVE-2008-2361	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-02-12 URL:http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html BID:29665 URL:http://www.securityfocus.com/bid/29665 BUGTRAQ:20080620 rPSA-2008-0200-1 xorg-server URL:http://www.securityfocus.com/archive/1/493548/100/0/threaded BUGTRAQ:20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/493550/100/0/threaded CONFIRM:ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff CONFIRM:http://support.apple.com/kb/HT3438 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 CONFIRM:https://issues.rpath.com/browse/RPL-2607 CONFIRM:https://issues.rpath.com/browse/RPL-2619 DEBIAN:DSA-1595 URL:http://www.debian.org/security/2008/dsa-1595 GENTOO:GLSA-200806-07 URL:http://security.gentoo.org/glsa/glsa-200806-07.xml GENTOO:GLSA-200807-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml IDEFENSE:20080611 Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719 MANDRIVA:MDVSA-2008:115 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:115~~ (Obsolete source) MANDRIVA:MDVSA-2008:116 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:116~~ (Obsolete source) MANDRIVA:MDVSA-2008:179 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:179~~ (Obsolete source) MLIST:[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions URL:http://lists.freedesktop.org/archives/xorg/2008-June/036026.html OVAL:oval:org.mitre.oval:def:8978 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978 REDHAT:RHSA-2008:0502 URL:http://rhn.redhat.com/errata/RHSA-2008-0502.html REDHAT:RHSA-2008:0503 URL:http://www.redhat.com/support/errata/RHSA-2008-0503.html REDHAT:RHSA-2008:0504 URL:http://rhn.redhat.com/errata/RHSA-2008-0504.html SECTRACK:1020244 URL:http://securitytracker.com/id?1020244 SECUNIA:30627 URL:http://secunia.com/advisories/30627 SECUNIA:30629 URL:http://secunia.com/advisories/30629 SECUNIA:30630 URL:http://secunia.com/advisories/30630 SECUNIA:30637 URL:http://secunia.com/advisories/30637 SECUNIA:30659 URL:http://secunia.com/advisories/30659 SECUNIA:30664 URL:http://secunia.com/advisories/30664 SECUNIA:30666 URL:http://secunia.com/advisories/30666 SECUNIA:30671 URL:http://secunia.com/advisories/30671 SECUNIA:30715 URL:http://secunia.com/advisories/30715 SECUNIA:30772 URL:http://secunia.com/advisories/30772 SECUNIA:30809 URL:http://secunia.com/advisories/30809 SECUNIA:30843 URL:http://secunia.com/advisories/30843 SECUNIA:31025 URL:http://secunia.com/advisories/31025 SECUNIA:31109 URL:http://secunia.com/advisories/31109 SECUNIA:32099 URL:http://secunia.com/advisories/32099 SECUNIA:33937 URL:http://secunia.com/advisories/33937 SUNALERT:238686 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1~~ (Obsolete source) SUSE:SUSE-SA:2008:027 URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html SUSE:SUSE-SR:2008:019 URL:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html UBUNTU:USN-616-1 URL:http://www.ubuntu.com/usn/usn-616-1 VUPEN:ADV-2008-1803 URL:~~http://www.vupen.com/english/advisories/2008/1803~~ (Obsolete source) VUPEN:ADV-2008-1833 URL:~~http://www.vupen.com/english/advisories/2008/1833~~ (Obsolete source) VUPEN:ADV-2008-1983 URL:~~http://www.vupen.com/english/advisories/2008/1983/references~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20080521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)