SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-1377

Date: (C)2008-06-16 (M)2023-12-22

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1020247

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721

http://www.securityfocus.com/archive/1/493548/100/0/threaded

http://www.securityfocus.com/archive/1/493550/100/0/threaded

SUNALERT-238686

APPLE-SA-2009-02-12

SUSE-SA:2008:027

SUSE-SR:2008:019

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff

http://support.apple.com/kb/HT3438

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

https://issues.rpath.com/browse/RPL-2607

https://issues.rpath.com/browse/RPL-2619

oval:org.mitre.oval:def:10109

oval:org.mitre.oval:def:8313
oval:org.secpod.oval:def:301416

© SecPod Technologies