CVE-2008-1377 Information
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Reference
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://rhn.redhat.com/errata/RHSA-2008-0502.html
http://rhn.redhat.com/errata/RHSA-2008-0504.html
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://secunia.com/advisories/30627
http://secunia.com/advisories/30628
http://secunia.com/advisories/30629
http://secunia.com/advisories/30630
http://secunia.com/advisories/30637
http://secunia.com/advisories/30659
http://secunia.com/advisories/30664
http://secunia.com/advisories/30666
http://secunia.com/advisories/30671
http://secunia.com/advisories/30715
http://secunia.com/advisories/30772
http://secunia.com/advisories/30809
http://secunia.com/advisories/30843
http://secunia.com/advisories/31025
http://secunia.com/advisories/31109
http://secunia.com/advisories/32099
http://secunia.com/advisories/32545
http://secunia.com/advisories/33937
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://securitytracker.com/id?1020247
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
http://www.debian.org/security/2008/dsa-1595
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://www.redhat.com/support/errata/RHSA-2008-0503.html
http://www.securityfocus.com/archive/1/493548/100/0/threaded
http://www.securityfocus.com/archive/1/493550/100/0/threaded
http://www.ubuntu.com/usn/usn-616-1
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
http://www.vupen.com/english/advisories/2008/3000
https://issues.rpath.com/browse/RPL-2607
https://issues.rpath.com/browse/RPL-2619
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109