Published: 16/06/2008 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent malicious users to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x x11 r7.3

Multiple flaws were found in the RENDER, RECORD, and Security extensions of Xorg which did not correctly validate function arguments An authenticated attacker could send specially crafted requests and gain root privileges or crash X (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) ...

Several local vulnerabilities have been discovered in the X Window system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted requ ...

CWE-189 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720 http://lists.freedesktop.org/archives/xorg/2008-June/036026.html ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff http://www.debian.org/security/2008/dsa-1595 http://rhn.redhat.com/errata/RHSA-2008-0504.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html http://www.ubuntu.com/usn/usn-616-1 http://www.securityfocus.com/bid/29670 http://securitytracker.com/id?1020245 http://secunia.com/advisories/30627 http://secunia.com/advisories/30630 http://secunia.com/advisories/30637 http://secunia.com/advisories/30659 http://secunia.com/advisories/30664 http://secunia.com/advisories/30666 http://security.gentoo.org/glsa/glsa-200806-07.xml http://secunia.com/advisories/30715 https://issues.rpath.com/browse/RPL-2607 http://secunia.com/advisories/30843 http://secunia.com/advisories/30772 http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 https://issues.rpath.com/browse/RPL-2619 http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm http://secunia.com/advisories/30671 http://secunia.com/advisories/31109 http://secunia.com/advisories/30809 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 http://secunia.com/advisories/32099 http://www.mandriva.com/security/advisories?name=MDVSA-2008:179 http://secunia.com/advisories/31025 http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://support.apple.com/kb/HT3438 http://www.vupen.com/english/advisories/2008/1803 http://www.vupen.com/english/advisories/2008/1833 http://www.vupen.com/english/advisories/2008/1983/references https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246 http://www.securityfocus.com/archive/1/493550/100/0/threaded http://www.securityfocus.com/archive/1/493548/100/0/threaded https://usn.ubuntu.com/616-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook