[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2361

Date: (C)2008-06-16   (M)2017-11-18 


Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 6.9Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE





Reference:
SECTRACK-1020244
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719
http://www.securityfocus.com/archive/1/archive/1/493548/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/493550/100/0/threaded
SUNALERT-238686
BID-29665
SECUNIA-30627
SECUNIA-30629
SECUNIA-30630
SECUNIA-30637
SECUNIA-30659
SECUNIA-30664
SECUNIA-30666
SECUNIA-30671
SECUNIA-30715
SECUNIA-30772
SECUNIA-30809
SECUNIA-30843
SECUNIA-31025
SECUNIA-31109
SECUNIA-32099
SECUNIA-33937
ADV-2008-1803
ADV-2008-1833
ADV-2008-1983
APPLE-SA-2009-02-12
DSA-1595
GLSA-200806-07
GLSA-200807-07
MDVSA-2008:115
MDVSA-2008:116
MDVSA-2008:179
RHSA-2008:0502
RHSA-2008:0503
RHSA-2008:0504
SUSE-SA:2008:027
SUSE-SR:2008:019
USN-616-1
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
https://issues.rpath.com/browse/RPL-2607
https://issues.rpath.com/browse/RPL-2619

CWE    1
CWE-189
OVAL    3
oval:org.secpod.oval:def:301595
oval:org.secpod.oval:def:301416
oval:org.mitre.oval:def:8313

© 2013 SecPod Technologies