Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-6427

Disclosure Date: January 18, 2008 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

apple,
canonical,
debian,
fedoraproject,
opensuse,
suse,
x.org

Products

debian linux 3.1,
debian linux 4.0,
fedora 7,
fedora 8,
linux 10.1,
linux enterprise desktop 10,
linux enterprise desktop 9,
linux enterprise server 10,
linux enterprise server 8,
linux enterprise server 9,
linux enterprise software development kit 10,
mac os x,
open enterprise server -,
opensuse 10.2,
opensuse 10.3,
ubuntu linux 6.06,
ubuntu linux 6.10,
ubuntu linux 7.04,
ubuntu linux 7.10,
x server

References

Canonical

CVE-2007-6427 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427)

BID-27336 (http://www.securityfocus.com/bid/27336)

BID-27351 (http://www.securityfocus.com/bid/27351)

Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372

SECUNIA-28542 (http://secunia.com/advisories/28542)

SECUNIA-29139 (http://secunia.com/advisories/29139)

ADV-2008-0184 (http://www.vupen.com/english/advisories/2008/0184)

SECUNIA-29622 (http://secunia.com/advisories/29622)

FEDORA-2008-0831 (https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html)

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

SECUNIA-28532 (http://secunia.com/advisories/28532)

SECUNIA-29707 (http://secunia.com/advisories/29707)

http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm

SECUNIA-28843 (http://secunia.com/advisories/28843)

DSA-1466 (http://www.debian.org/security/2008/dsa-1466)

SECUNIA-28540 (http://secunia.com/advisories/28540)

SSRT080083 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321)

20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (http://www.securityfocus.com/archive/1/487335/100/0/threaded)

ADV-2008-0703 (http://www.vupen.com/english/advisories/2008/0703)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

ADV-2008-0924 (http://www.vupen.com/english/advisories/2008/0924/references)

SECUNIA-28718 (http://secunia.com/advisories/28718)

SUNALERT-200153 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1)

http://www.redhat.com/support/errata/RHSA-2008-0029.html

SECUNIA-28584 (http://secunia.com/advisories/28584)

SECUNIA-28941 (http://secunia.com/advisories/28941)

SECUNIA-28592 (http://secunia.com/advisories/28592)

http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm

SECUNIA-29420 (http://secunia.com/advisories/29420)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

APPLE-SA-2008-03-18 (http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html)

SECUNIA-30161 (http://secunia.com/advisories/30161)

GLSA-200805-07 (http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml)

http://www.redhat.com/support/errata/RHSA-2008-0030.html

SECUNIA-28543 (http://secunia.com/advisories/28543)

SECUNIA-28273 (http://secunia.com/advisories/28273)

http://www.redhat.com/support/errata/RHSA-2008-0031.html

SECUNIA-28550 (http://secunia.com/advisories/28550)

ADV-2008-0497 (http://www.vupen.com/english/advisories/2008/0497/references)

http://bugs.gentoo.org/show_bug.cgi?id=204362

http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

SECUNIA-28885 (http://secunia.com/advisories/28885)

SUNALERT-103200 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1)

http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

USN-571-1 (https://usn.ubuntu.com/571-1)

GLSA-200804-05 (http://security.gentoo.org/glsa/glsa-200804-05.xml)

SECUNIA-28535 (http://secunia.com/advisories/28535)

ADV-2008-3000 (http://www.vupen.com/english/advisories/2008/3000)

http://docs.info.apple.com/article.html?artnum=307562

[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server (http://lists.freedesktop.org/archives/xorg/2008-January/031918.html)

http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities

SECUNIA-32545 (http://secunia.com/advisories/32545)

XF-xorg-xinput-code-execution(39759) (https://exchange.xforce.ibmcloud.com/vulnerabilities/39759)

SECUNIA-28838 (http://secunia.com/advisories/28838)

SECTRACK-1019232 (http://securitytracker.com/id?1019232)

https://issues.rpath.com/browse/RPL-2010

SECUNIA-28539 (http://secunia.com/advisories/28539)

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

SECUNIA-28616 (http://secunia.com/advisories/28616)

FEDORA-2008-0760 (https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html)

SECUNIA-28536 (http://secunia.com/advisories/28536)

SECUNIA-28693 (http://secunia.com/advisories/28693)

GLSA-200801-09 (http://security.gentoo.org/glsa/glsa-200801-09.xml)

ADV-2008-0179 (http://www.vupen.com/english/advisories/2008/0179)

Miscellaneous

[4.1] 20080208 012: SECURITY FIX: February 8, 2008 (http://www.openbsd.org/errata41.html#012_xorg)

20080117 Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643)

[4.2] 20080208 006: SECURITY FIX: February 8, 2008 (http://www.openbsd.org/errata42.html#006_xorg)

Rapid7

Technical Analysis