Vulnonym.org

CVE-2008-1377 - Pushing Drum

Description

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap which triggers heap corruption.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721 http://lists.freedesktop.org/archives/xorg/2008-June/036026.html ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff http://www.debian.org/security/2008/dsa-1595 http://rhn.redhat.com/errata/RHSA-2008-0502.html http://rhn.redhat.com/errata/RHSA-2008-0504.html http://rhn.redhat.com/errata/RHSA-2008-0512.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1 http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html http://www.ubuntu.com/usn/usn-616-1 http://securitytracker.com/id?1020247 http://secunia.com/advisories/30627 http://secunia.com/advisories/30628 http://secunia.com/advisories/30629 http://secunia.com/advisories/30630 http://secunia.com/advisories/30637 http://secunia.com/advisories/30659 http://secunia.com/advisories/30664 http://secunia.com/advisories/30666 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 http://secunia.com/advisories/31109 http://www.redhat.com/support/errata/RHSA-2008-0503.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:115 http://secunia.com/advisories/30772 http://www.mandriva.com/security/advisories?name=MDVSA-2008:116 http://secunia.com/advisories/30809 http://secunia.com/advisories/30671 https://issues.rpath.com/browse/RPL-2607 http://security.gentoo.org/glsa/glsa-200806-07.xml http://secunia.com/advisories/30843 http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm https://issues.rpath.com/browse/RPL-2619 http://secunia.com/advisories/30715 http://secunia.com/advisories/32099 http://secunia.com/advisories/31025 http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://secunia.com/advisories/33937 http://www.vupen.com/english/advisories/2008/3000 http://secunia.com/advisories/32545 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://support.apple.com/kb/HT3438 http://www.vupen.com/english/advisories/2008/1983/references http://www.vupen.com/english/advisories/2008/1803 http://www.vupen.com/english/advisories/2008/1833 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109 http://www.securityfocus.com/archive/1/493550/100/0/threaded http://www.securityfocus.com/archive/1/493548/100/0/threaded