Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-6427

Disclosure Date: January 18, 2008 •

Description

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

References

Canonical

CVE-2007-6427 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427)

BID-27336 (http://www.securityfocus.com/bid/27336)

BID-27351 (http://www.securityfocus.com/bid/27351)

Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372

SECUNIA-28542 (http://secunia.com/advisories/28542)

SECUNIA-29139 (http://secunia.com/advisories/29139)

ADV-2008-0184 (http://www.vupen.com/english/advisories/2008/0184)

SECUNIA-29622 (http://secunia.com/advisories/29622)

FEDORA-2008-0831 (https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html)

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

SECUNIA-28532 (http://secunia.com/advisories/28532)

SECUNIA-29707 (http://secunia.com/advisories/29707)

http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm

SECUNIA-28843 (http://secunia.com/advisories/28843)

DSA-1466 (http://www.debian.org/security/2008/dsa-1466)

SECUNIA-28540 (http://secunia.com/advisories/28540)

SSRT080083 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321)

20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (http://www.securityfocus.com/archive/1/487335/100/0/threaded)

ADV-2008-0703 (http://www.vupen.com/english/advisories/2008/0703)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

ADV-2008-0924 (http://www.vupen.com/english/advisories/2008/0924/references)

SECUNIA-28718 (http://secunia.com/advisories/28718)

SUNALERT-200153 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1)

http://www.redhat.com/support/errata/RHSA-2008-0029.html

SECUNIA-28584 (http://secunia.com/advisories/28584)

SECUNIA-28941 (http://secunia.com/advisories/28941)

SECUNIA-28592 (http://secunia.com/advisories/28592)

http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm

SECUNIA-29420 (http://secunia.com/advisories/29420)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

APPLE-SA-2008-03-18 (http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html)

SECUNIA-30161 (http://secunia.com/advisories/30161)

GLSA-200805-07 (http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml)

http://www.redhat.com/support/errata/RHSA-2008-0030.html

SECUNIA-28543 (http://secunia.com/advisories/28543)

SECUNIA-28273 (http://secunia.com/advisories/28273)

http://www.redhat.com/support/errata/RHSA-2008-0031.html

SECUNIA-28550 (http://secunia.com/advisories/28550)

ADV-2008-0497 (http://www.vupen.com/english/advisories/2008/0497/references)

http://bugs.gentoo.org/show_bug.cgi?id=204362

http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

SECUNIA-28885 (http://secunia.com/advisories/28885)

SUNALERT-103200 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

USN-571-1 (https://usn.ubuntu.com/571-1)

GLSA-200804-05 (http://security.gentoo.org/glsa/glsa-200804-05.xml)

SECUNIA-28535 (http://secunia.com/advisories/28535)

ADV-2008-3000 (http://www.vupen.com/english/advisories/2008/3000)

http://docs.info.apple.com/article.html?artnum=307562

[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server (http://lists.freedesktop.org/archives/xorg/2008-January/031918.html)

http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities

SECUNIA-32545 (http://secunia.com/advisories/32545)

XF-xorg-xinput-code-execution(39759) (https://exchange.xforce.ibmcloud.com/vulnerabilities/39759)

SECUNIA-28838 (http://secunia.com/advisories/28838)

SECTRACK-1019232 (http://securitytracker.com/id?1019232)

https://issues.rpath.com/browse/RPL-2010

SECUNIA-28539 (http://secunia.com/advisories/28539)

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

SECUNIA-28616 (http://secunia.com/advisories/28616)

FEDORA-2008-0760 (https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html)

SECUNIA-28536 (http://secunia.com/advisories/28536)

SECUNIA-28693 (http://secunia.com/advisories/28693)

GLSA-200801-09 (http://security.gentoo.org/glsa/glsa-200801-09.xml)

ADV-2008-0179 (http://www.vupen.com/english/advisories/2008/0179)

Miscellaneous

[4.1] 20080208 012: SECURITY FIX: February 8, 2008 (http://www.openbsd.org/errata41.html#012_xorg)

20080117 Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643)

[4.2] 20080208 006: SECURITY FIX: February 8, 2008 (http://www.openbsd.org/errata42.html#006_xorg)

Rapid7

Technical Analysis