Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-1377

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Published

2008-06-16T19:41:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	x	x11	r7.3	Yes

References

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721 ([email protected])
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html ([email protected])
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html Patch ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2008-0502.html Patch ([email protected])
http://rhn.redhat.com/errata/RHSA-2008-0504.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2008-0512.html ([email protected])
http://secunia.com/advisories/30627 Vendor Advisory ([email protected])
http://secunia.com/advisories/30628 Vendor Advisory ([email protected])
http://secunia.com/advisories/30629 Vendor Advisory ([email protected])
http://secunia.com/advisories/30630 Vendor Advisory ([email protected])
http://secunia.com/advisories/30637 Vendor Advisory ([email protected])
http://secunia.com/advisories/30659 Vendor Advisory ([email protected])
http://secunia.com/advisories/30664 Vendor Advisory ([email protected])
http://secunia.com/advisories/30666 Vendor Advisory ([email protected])
http://secunia.com/advisories/30671 ([email protected])
http://secunia.com/advisories/30715 ([email protected])
http://secunia.com/advisories/30772 ([email protected])
http://secunia.com/advisories/30809 ([email protected])
http://secunia.com/advisories/30843 ([email protected])
http://secunia.com/advisories/31025 ([email protected])
http://secunia.com/advisories/31109 ([email protected])
http://secunia.com/advisories/32099 ([email protected])
http://secunia.com/advisories/32545 ([email protected])
http://secunia.com/advisories/33937 ([email protected])
http://security.gentoo.org/glsa/glsa-200806-07.xml ([email protected])
http://securitytracker.com/id?1020247 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 ([email protected])
http://support.apple.com/kb/HT3438 ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 ([email protected])
http://www.debian.org/security/2008/dsa-1595 Patch ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0503.html ([email protected])
http://www.securityfocus.com/archive/1/493548/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/493550/100/0/threaded ([email protected])
http://www.ubuntu.com/usn/usn-616-1 Patch ([email protected])
http://www.vupen.com/english/advisories/2008/1803 ([email protected])
http://www.vupen.com/english/advisories/2008/1833 ([email protected])
http://www.vupen.com/english/advisories/2008/1983/references ([email protected])
http://www.vupen.com/english/advisories/2008/3000 ([email protected])
https://issues.rpath.com/browse/RPL-2607 ([email protected])
https://issues.rpath.com/browse/RPL-2619 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109 ([email protected])
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 (af854a3a-2127-422b-91ae-364da2661108)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2008-0502.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2008-0504.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2008-0512.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30627 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30628 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30629 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30630 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30637 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30659 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30664 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30666 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30671 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30715 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30772 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30809 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30843 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31025 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31109 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32099 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32545 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33937 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200806-07.xml (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1020247 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3438 (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1595 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0503.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493548/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493550/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-616-1 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1803 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1833 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1983/references (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/3000 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2607 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2619 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109 (af854a3a-2127-422b-91ae-364da2661108)