Vulnerability CVE-2008-1377: Information

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Severity: CRITICAL (9.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2008-1377
Published: June 16, 2008
Modified: Oct. 11, 2018
Error type identifier: CWE-189

References to Advisories, Solutions, and Tools

Hyperlink
Resource
20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities
    [xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
      ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
        DSA-1595
        • Patch
        RHSA-2008:0502
        • Patch
        RHSA-2008:0504
          RHSA-2008:0512
            238686
              SUSE-SA:2008:027
              • Patch
              USN-616-1
              • Patch
              1020247
                30627
                • Vendor Advisory
                30628
                • Vendor Advisory
                30629
                • Vendor Advisory
                30630
                • Vendor Advisory
                30637
                • Vendor Advisory
                30659
                • Vendor Advisory
                30664
                • Vendor Advisory
                30666
                • Vendor Advisory
                http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
                  31109
                    RHSA-2008:0503
                      MDVSA-2008:115
                        30772
                          MDVSA-2008:116
                            30809
                              30671
                                https://issues.rpath.com/browse/RPL-2607
                                  GLSA-200806-07
                                    30843
                                      http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
                                        https://issues.rpath.com/browse/RPL-2619
                                          30715
                                            32099
                                              31025
                                                GLSA-200807-07
                                                  SUSE-SR:2008:019
                                                    APPLE-SA-2009-02-12
                                                      33937
                                                        ADV-2008-3000
                                                          32545
                                                            SSRT080083
                                                              http://support.apple.com/kb/HT3438
                                                                ADV-2008-1983
                                                                  ADV-2008-1803
                                                                    ADV-2008-1833
                                                                      oval:org.mitre.oval:def:10109
                                                                        20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
                                                                          20080620 rPSA-2008-0200-1 xorg-server

                                                                              1. Configuration 1

                                                                                cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
                                                                            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                                                            Version: v24.5.0
                                                                            Back to top