Lucene search

PRIOn knowledge basePRION:CVE-2008-1377

HistoryJun 16, 2008 - 7:41 p.m.

Heap overflow

2008-06-1619:41:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

CPENameOperatorVersion
x11eq7.3.114

CPE	Name	Operator	Version
	x11	eq	7.3.114

References

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

labs.idefense.com/intelligence/vulnerabilities/display.php?id=721

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.freedesktop.org/archives/xorg/2008-June/036026.html

lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

rhn.redhat.com/errata/RHSA-2008-0502.html

rhn.redhat.com/errata/RHSA-2008-0504.html

rhn.redhat.com/errata/RHSA-2008-0512.html

secunia.com/advisories/30627

secunia.com/advisories/30628

secunia.com/advisories/30629

secunia.com/advisories/30630

secunia.com/advisories/30637

secunia.com/advisories/30659

secunia.com/advisories/30664

secunia.com/advisories/30666

secunia.com/advisories/30671

secunia.com/advisories/30715

secunia.com/advisories/30772

secunia.com/advisories/30809

secunia.com/advisories/30843

secunia.com/advisories/31025

secunia.com/advisories/31109

secunia.com/advisories/32099

secunia.com/advisories/32545

secunia.com/advisories/33937

security.gentoo.org/glsa/glsa-200806-07.xml

securitytracker.com/id?1020247

sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

support.apple.com/kb/HT3438

support.avaya.com/elmodocs2/security/ASA-2008-249.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

www.debian.org/security/2008/dsa-1595

www.gentoo.org/security/en/glsa/glsa-200807-07.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:115

www.mandriva.com/security/advisories?name=MDVSA-2008:116

www.redhat.com/support/errata/RHSA-2008-0503.html

www.securityfocus.com/archive/1/493548/100/0/threaded

www.securityfocus.com/archive/1/493550/100/0/threaded

www.ubuntu.com/usn/usn-616-1

www.vupen.com/english/advisories/2008/1803

www.vupen.com/english/advisories/2008/1833

www.vupen.com/english/advisories/2008/1983/references

www.vupen.com/english/advisories/2008/3000

issues.rpath.com/browse/RPL-2607

issues.rpath.com/browse/RPL-2619

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109