CVE-2008-1377

2008-06-1600:00:00

ubuntu.com

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

76.5%

JSON

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients
functions in the Record extension and the (3)
SProcSecurityGenerateAuthorization function in the Security extension in
the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to
execute arbitrary code via requests with crafted length values that specify
an arbitrary number of bytes to be swapped on the heap, which triggers heap
corruption.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchxorg-server< 1:1.0.2-0ubuntu10.13UNKNOWN
ubuntu7.04noarchxorg-server< 2:1.2.0-3ubuntu8.4UNKNOWN
ubuntu7.10noarchxorg-server< 2:1.3.0.0.dfsg-12ubuntu8.4UNKNOWN
ubuntu8.04noarchxorg-server< 2:1.4.1~git20080131-1ubuntu9.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	xorg-server	< 1:1.0.2-0ubuntu10.13	UNKNOWN
ubuntu	7.04	noarch	xorg-server	< 2:1.2.0-3ubuntu8.4	UNKNOWN
ubuntu	7.10	noarch	xorg-server	< 2:1.3.0.0.dfsg-12ubuntu8.4	UNKNOWN
ubuntu	8.04	noarch	xorg-server	< 2:1.4.1~git20080131-1ubuntu9.2	UNKNOWN