CVE-2008-1377

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
http://www.debian.org/security/2008/dsa-1595 Patch
http://rhn.redhat.com/errata/RHSA-2008-0502.html Patch
http://rhn.redhat.com/errata/RHSA-2008-0504.html
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html Patch
http://www.ubuntu.com/usn/usn-616-1 Patch
http://securitytracker.com/id?1020247
http://secunia.com/advisories/30627 Vendor Advisory
http://secunia.com/advisories/30628 Vendor Advisory
http://secunia.com/advisories/30629 Vendor Advisory
http://secunia.com/advisories/30630 Vendor Advisory
http://secunia.com/advisories/30637 Vendor Advisory
http://secunia.com/advisories/30659 Vendor Advisory
http://secunia.com/advisories/30664 Vendor Advisory
http://secunia.com/advisories/30666 Vendor Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
http://secunia.com/advisories/31109
http://www.redhat.com/support/errata/RHSA-2008-0503.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://secunia.com/advisories/30772
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://secunia.com/advisories/30809
http://secunia.com/advisories/30671
https://issues.rpath.com/browse/RPL-2607
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://secunia.com/advisories/30843
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
https://issues.rpath.com/browse/RPL-2619
http://secunia.com/advisories/30715
http://secunia.com/advisories/32099
http://secunia.com/advisories/31025
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://www.vupen.com/english/advisories/2008/3000
http://secunia.com/advisories/32545
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2008/1983/references
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109
http://www.securityfocus.com/archive/1/493550/100/0/threaded
http://www.securityfocus.com/archive/1/493548/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*

Information

Published : 2008-06-16 07:41

Updated : 2018-10-11 08:32


NVD link : CVE-2008-1377

Mitre link : CVE-2008-1377
