CVE-2008-2360

Published: 16/06/2008 Updated: 11/10/2018
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent malicious users to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.

Vulnerable Product

x x11 r7.3

Vendor Advisories

Multiple flaws were found in the RENDER, RECORD, and Security extensions of Xorg which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) ...
Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted requ ...

References

CWE-189
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
http://www.debian.org/security/2008/dsa-1595
http://rhn.redhat.com/errata/RHSA-2008-0502.html
http://rhn.redhat.com/errata/RHSA-2008-0504.html
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
http://www.ubuntu.com/usn/usn-616-1
http://securitytracker.com/id?1020243
http://secunia.com/advisories/30627
http://secunia.com/advisories/30628
http://secunia.com/advisories/30629
http://secunia.com/advisories/30630
http://secunia.com/advisories/30637
http://secunia.com/advisories/30659
http://secunia.com/advisories/30664
http://secunia.com/advisories/30666
https://issues.rpath.com/browse/RPL-2619
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
http://security.gentoo.org/glsa/glsa-200806-07.xml
https://issues.rpath.com/browse/RPL-2607
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
http://secunia.com/advisories/30772
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://www.redhat.com/support/errata/RHSA-2008-0503.html
http://secunia.com/advisories/30843
http://secunia.com/advisories/31109
http://secunia.com/advisories/30809
http://secunia.com/advisories/30715
http://secunia.com/advisories/30671
http://secunia.com/advisories/32099
http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://secunia.com/advisories/31025
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://secunia.com/advisories/33937
http://support.apple.com/kb/HT3438
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329
http://www.securityfocus.com/archive/1/493550/100/0/threaded
http://www.securityfocus.com/archive/1/493548/100/0/threaded
https://usn.ubuntu.com/616-1/
https://nvd.nist.gov