Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2008-1377

Disclosure Date: June 16, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

x

Products

x11 r7.3

References

Canonical

CVE-2008-1377 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377)

Advisory

https://issues.rpath.com/browse/RPL-2607

SECUNIA-30629 (http://secunia.com/advisories/30629)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109

SUNALERT-238686 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1)

SECUNIA-33937 (http://secunia.com/advisories/33937)

SECUNIA-30664 (http://secunia.com/advisories/30664)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:115

20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (http://www.securityfocus.com/archive/1/493550/100/0/threaded)

SECUNIA-31025 (http://secunia.com/advisories/31025)

http://rhn.redhat.com/errata/RHSA-2008-0502.html

SSRT080083 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321)

http://support.apple.com/kb/HT3438

APPLE-SA-2009-02-12 (http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html)

ADV-2008-1833 (http://www.vupen.com/english/advisories/2008/1833)

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

GLSA-200806-07 (http://security.gentoo.org/glsa/glsa-200806-07.xml)

SECUNIA-30715 (http://secunia.com/advisories/30715)

SECUNIA-30666 (http://secunia.com/advisories/30666)

SECUNIA-30627 (http://secunia.com/advisories/30627)

SECUNIA-30637 (http://secunia.com/advisories/30637)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:116

ADV-2008-1803 (http://www.vupen.com/english/advisories/2008/1803)

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

SECUNIA-30772 (http://secunia.com/advisories/30772)

SECTRACK-1020247 (http://securitytracker.com/id?1020247)

http://www.redhat.com/support/errata/RHSA-2008-0503.html

SECUNIA-30628 (http://secunia.com/advisories/30628)

SECUNIA-30659 (http://secunia.com/advisories/30659)

SECUNIA-31109 (http://secunia.com/advisories/31109)

ADV-2008-1983 (http://www.vupen.com/english/advisories/2008/1983/references)

SECUNIA-30671 (http://secunia.com/advisories/30671)

SECUNIA-30809 (http://secunia.com/advisories/30809)

ADV-2008-3000 (http://www.vupen.com/english/advisories/2008/3000)

[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions (http://lists.freedesktop.org/archives/xorg/2008-June/036026.html)

http://rhn.redhat.com/errata/RHSA-2008-0504.html

SECUNIA-32545 (http://secunia.com/advisories/32545)

SECUNIA-30843 (http://secunia.com/advisories/30843)

DSA-1595 (http://www.debian.org/security/2008/dsa-1595)

USN-616-1 (http://www.ubuntu.com/usn/usn-616-1)

SECUNIA-32099 (http://secunia.com/advisories/32099)

https://issues.rpath.com/browse/RPL-2619

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

http://rhn.redhat.com/errata/RHSA-2008-0512.html

20080620 rPSA-2008-0200-1 xorg-server (http://www.securityfocus.com/archive/1/493548/100/0/threaded)

SECUNIA-30630 (http://secunia.com/advisories/30630)

GLSA-200807-07 (http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml)

Miscellaneous

20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721)

Rapid7

Technical Analysis