CVE-2008-1377

critical

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109

https://issues.rpath.com/browse/RPL-2619

https://issues.rpath.com/browse/RPL-2607

http://www.vupen.com/english/advisories/2008/3000

http://www.vupen.com/english/advisories/2008/1983/references

http://www.vupen.com/english/advisories/2008/1833

http://www.vupen.com/english/advisories/2008/1803

http://www.ubuntu.com/usn/usn-616-1

http://www.securityfocus.com/archive/1/493550/100/0/threaded

http://www.securityfocus.com/archive/1/493548/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0503.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:116

http://www.mandriva.com/security/advisories?name=MDVSA-2008:115

http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml

http://www.debian.org/security/2008/dsa-1595

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

http://support.apple.com/kb/HT3438

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

http://securitytracker.com/id?1020247

http://security.gentoo.org/glsa/glsa-200806-07.xml

http://secunia.com/advisories/33937

http://secunia.com/advisories/32545

http://secunia.com/advisories/32099

http://secunia.com/advisories/31109

http://secunia.com/advisories/31025

http://secunia.com/advisories/30843

http://secunia.com/advisories/30809

http://secunia.com/advisories/30772

http://secunia.com/advisories/30715

http://secunia.com/advisories/30671

http://secunia.com/advisories/30666

http://secunia.com/advisories/30664

http://secunia.com/advisories/30659

http://secunia.com/advisories/30637

http://secunia.com/advisories/30630

http://secunia.com/advisories/30629

http://secunia.com/advisories/30628

http://secunia.com/advisories/30627

http://rhn.redhat.com/errata/RHSA-2008-0512.html

http://rhn.redhat.com/errata/RHSA-2008-0504.html

http://rhn.redhat.com/errata/RHSA-2008-0502.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

Details

Source: Mitre, NVD

Published: 2008-06-16

Updated: 2018-10-11

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical