PRIOn knowledge basePRION:CVE-2008-1377Heap overflow
7.5 High
AI Score
Confidence
Low
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.2%
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
References
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
lists.freedesktop.org/archives/xorg/2008-June/036026.html
lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
rhn.redhat.com/errata/RHSA-2008-0502.html
rhn.redhat.com/errata/RHSA-2008-0504.html
rhn.redhat.com/errata/RHSA-2008-0512.html
secunia.com/advisories/30627
secunia.com/advisories/30628
secunia.com/advisories/30629
secunia.com/advisories/30630
secunia.com/advisories/30637
secunia.com/advisories/30659
secunia.com/advisories/30664
secunia.com/advisories/30666
secunia.com/advisories/30671
secunia.com/advisories/30715
secunia.com/advisories/30772
secunia.com/advisories/30809
secunia.com/advisories/30843
secunia.com/advisories/31025
secunia.com/advisories/31109
secunia.com/advisories/32099
secunia.com/advisories/32545
secunia.com/advisories/33937
security.gentoo.org/glsa/glsa-200806-07.xml
securitytracker.com/id?1020247
sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
support.apple.com/kb/HT3438
support.avaya.com/elmodocs2/security/ASA-2008-249.htm
wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
www.debian.org/security/2008/dsa-1595
www.gentoo.org/security/en/glsa/glsa-200807-07.xml
www.mandriva.com/security/advisories?name=MDVSA-2008:115
www.mandriva.com/security/advisories?name=MDVSA-2008:116
www.redhat.com/support/errata/RHSA-2008-0503.html
www.securityfocus.com/archive/1/493548/100/0/threaded
www.securityfocus.com/archive/1/493550/100/0/threaded
www.ubuntu.com/usn/usn-616-1
www.vupen.com/english/advisories/2008/1803
www.vupen.com/english/advisories/2008/1833
www.vupen.com/english/advisories/2008/1983/references
www.vupen.com/english/advisories/2008/3000
issues.rpath.com/browse/RPL-2607
issues.rpath.com/browse/RPL-2619
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109
Related
7.5 High
AI Score
Confidence
Low
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.2%