CVE-2008-1377

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

CVSS v2.0 9

9^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
http://www.debian.org/security/2008/dsa-1595	Patch
http://rhn.redhat.com/errata/RHSA-2008-0502.html	Patch
http://rhn.redhat.com/errata/RHSA-2008-0504.html
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html	Patch
http://www.ubuntu.com/usn/usn-616-1	Patch
http://securitytracker.com/id?1020247
http://secunia.com/advisories/30627	Vendor Advisory
http://secunia.com/advisories/30628	Vendor Advisory
http://secunia.com/advisories/30629	Vendor Advisory
http://secunia.com/advisories/30630	Vendor Advisory
http://secunia.com/advisories/30637	Vendor Advisory
http://secunia.com/advisories/30659	Vendor Advisory
http://secunia.com/advisories/30664	Vendor Advisory
http://secunia.com/advisories/30666	Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
http://secunia.com/advisories/31109
http://www.redhat.com/support/errata/RHSA-2008-0503.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://secunia.com/advisories/30772
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://secunia.com/advisories/30809
http://secunia.com/advisories/30671
https://issues.rpath.com/browse/RPL-2607
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://secunia.com/advisories/30843
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
https://issues.rpath.com/browse/RPL-2619
http://secunia.com/advisories/30715
http://secunia.com/advisories/32099
http://secunia.com/advisories/31025
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://www.vupen.com/english/advisories/2008/3000
http://secunia.com/advisories/32545
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2008/1983/references
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109
http://www.securityfocus.com/archive/1/493550/100/0/threaded
http://www.securityfocus.com/archive/1/493548/100/0/threaded

Configurations

Configuration 1

cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2008-06-16 07:41

Updated : 2018-10-11 08:32

NVD link : CVE-2008-1377

Mitre link : CVE-2008-1377

Products Affected

No products.

CWE

CWE-189