Back to search
CVE-2008-1377
Published: Jun 16, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://issues.rpath.com/browse/RPL-2607
x_refsource_CONFIRM
30629
third-party-advisory
x_refsource_SECUNIA
20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
third-party-advisory
x_refsource_IDEFENSE
oval:org.mitre.oval:def:10109
vdb-entry
signature
x_refsource_OVAL
238686
vendor-advisory
x_refsource_SUNALERT
33937
third-party-advisory
x_refsource_SECUNIA
30664
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:115
vendor-advisory
x_refsource_MANDRIVA
20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
mailing-list
x_refsource_BUGTRAQ
31025
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0502
vendor-advisory
x_refsource_REDHAT
SSRT080083
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT3438
x_refsource_CONFIRM
APPLE-SA-2009-02-12
vendor-advisory
x_refsource_APPLE
ADV-2008-1833
vdb-entry
x_refsource_VUPEN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
x_refsource_CONFIRM
GLSA-200806-07
vendor-advisory
x_refsource_GENTOO
30715
third-party-advisory
x_refsource_SECUNIA
30666
third-party-advisory
x_refsource_SECUNIA
30627
third-party-advisory
x_refsource_SECUNIA
30637
third-party-advisory
x_refsource_SECUNIA
MDVSA-2008:116
vendor-advisory
x_refsource_MANDRIVA
ADV-2008-1803
vdb-entry
x_refsource_VUPEN
HPSBUX02381
vendor-advisory
x_refsource_HP
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
x_refsource_CONFIRM
SUSE-SA:2008:027
vendor-advisory
x_refsource_SUSE
30772
third-party-advisory
x_refsource_SECUNIA
1020247
vdb-entry
x_refsource_SECTRACK
RHSA-2008:0503
vendor-advisory
x_refsource_REDHAT
30628
third-party-advisory
x_refsource_SECUNIA
30659
third-party-advisory
x_refsource_SECUNIA
31109
third-party-advisory
x_refsource_SECUNIA
ADV-2008-1983
vdb-entry
x_refsource_VUPEN
30671
third-party-advisory
x_refsource_SECUNIA
30809
third-party-advisory
x_refsource_SECUNIA
ADV-2008-3000
vdb-entry
x_refsource_VUPEN
[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
mailing-list
x_refsource_MLIST
RHSA-2008:0504
vendor-advisory
x_refsource_REDHAT
32545
third-party-advisory
x_refsource_SECUNIA
30843
third-party-advisory
x_refsource_SECUNIA
DSA-1595
vendor-advisory
x_refsource_DEBIAN
USN-616-1
vendor-advisory
x_refsource_UBUNTU
32099
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-2619
x_refsource_CONFIRM
SUSE-SR:2008:019
vendor-advisory
x_refsource_SUSE
RHSA-2008:0512
vendor-advisory
x_refsource_REDHAT
20080620 rPSA-2008-0200-1 xorg-server
mailing-list
x_refsource_BUGTRAQ
30630
third-party-advisory
x_refsource_SECUNIA
GLSA-200807-07
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now