Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2008-1377

Published: 16/06/2008 Updated: 11/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to X11

Vulnerability Summary

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent malicious users to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Vulnerable Product Search on Vulmon Subscribe to Product

x x11 r7.3

Vendor Advisories

Ubuntu Security Notice: xorg-server vulnerabilities
Multiple flaws were found in the RENDER, RECORD, and Security extensions of Xorg which did not correctly validate function arguments An authenticated attacker could send specially crafted requests and gain root privileges or crash X (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) ...
Debian Security Advisories: DSA-1595-1 xorg-server -- several vulnerabilities
Several local vulnerabilities have been discovered in the X Window system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted requ ...

References

CWE-189http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721http://lists.freedesktop.org/archives/xorg/2008-June/036026.htmlftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diffhttp://www.debian.org/security/2008/dsa-1595http://rhn.redhat.com/errata/RHSA-2008-0502.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0504.htmlhttp://rhn.redhat.com/errata/RHSA-2008-0512.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.htmlhttp://www.ubuntu.com/usn/usn-616-1http://securitytracker.com/id?1020247http://secunia.com/advisories/30627http://secunia.com/advisories/30628http://secunia.com/advisories/30629http://secunia.com/advisories/30630http://secunia.com/advisories/30637http://secunia.com/advisories/30659http://secunia.com/advisories/30664http://secunia.com/advisories/30666http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201http://secunia.com/advisories/31109http://www.redhat.com/support/errata/RHSA-2008-0503.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:115http://secunia.com/advisories/30772http://www.mandriva.com/security/advisories?name=MDVSA-2008:116http://secunia.com/advisories/30809http://secunia.com/advisories/30671https://issues.rpath.com/browse/RPL-2607http://security.gentoo.org/glsa/glsa-200806-07.xmlhttp://secunia.com/advisories/30843http://support.avaya.com/elmodocs2/security/ASA-2008-249.htmhttps://issues.rpath.com/browse/RPL-2619http://secunia.com/advisories/30715http://secunia.com/advisories/32099http://secunia.com/advisories/31025http://www.gentoo.org/security/en/glsa/glsa-200807-07.xmlhttp://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.htmlhttp://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlhttp://secunia.com/advisories/33937http://www.vupen.com/english/advisories/2008/3000http://secunia.com/advisories/32545http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321http://support.apple.com/kb/HT3438http://www.vupen.com/english/advisories/2008/1983/referenceshttp://www.vupen.com/english/advisories/2008/1803http://www.vupen.com/english/advisories/2008/1833https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109http://www.securityfocus.com/archive/1/493550/100/0/threadedhttp://www.securityfocus.com/archive/1/493548/100/0/threadedhttps://usn.ubuntu.com/616-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook