[Forgot Password]
Login  Register Subscribe

23631

 
 

125647

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2360

Date: (C)2008-06-16   (M)2017-11-18 


Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.

CVSS Score: 9.0Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 10.0Authentication: SINGLE_INSTANCE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1020243
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
http://www.securityfocus.com/archive/1/archive/1/493548/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/493550/100/0/threaded
SUNALERT-238686
SECUNIA-30627
SECUNIA-30628
SECUNIA-30629
SECUNIA-30630
SECUNIA-30637
SECUNIA-30659
SECUNIA-30664
SECUNIA-30666
SECUNIA-30671
SECUNIA-30715
SECUNIA-30772
SECUNIA-30809
SECUNIA-30843
SECUNIA-31025
SECUNIA-31109
SECUNIA-32099
SECUNIA-33937
ADV-2008-1803
ADV-2008-1833
ADV-2008-1983
APPLE-SA-2009-02-12
DSA-1595
GLSA-200806-07
GLSA-200807-07
MDVSA-2008:115
MDVSA-2008:116
MDVSA-2008:179
RHSA-2008:0502
RHSA-2008:0503
RHSA-2008:0504
RHSA-2008:0512
SUSE-SA:2008:027
SUSE-SR:2008:019
USN-616-1
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
https://issues.rpath.com/browse/RPL-2607
https://issues.rpath.com/browse/RPL-2619

CWE    1
CWE-189
OVAL    3
oval:org.secpod.oval:def:301595
oval:org.secpod.oval:def:301416
oval:org.mitre.oval:def:8313

© 2013 SecPod Technologies