exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

CVE-2007-5760

Status Candidate

Overview

Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.

Related Files

Gentoo Linux Security Advisory 200801-9
Posted Mar 12, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200801-09:03 - The previous version of the X.Org X server (1.3.0.0-r4) did not properly address the integer overflow vulnerability in the MIT-SHM extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit depths. Versions less than 1.3.0.0-r5 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | ec9718e4bc7cbfde57e6fbae71ba194bdc3199ce1bdd7c9822705ba14c88559b
Mandriva Linux Security Advisory 2008-025
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and an input validation flaw were discovered in x11-server-xgl.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2007-5760
SHA-256 | 92ecb1a076f5e1d5237fd0dc8af22f189ba31dda87c81dcb4ac65d4633e134cb
Mandriva Linux Security Advisory 2008-023
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and an input validation flaw were discovered in x11-server.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2007-5760
SHA-256 | 7899a5f8c05a71db0dc6e0db3895c11521ba293b378be8e22f34b011a7f8e84c
Mandriva Linux Security Advisory 2008-022
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in xorg-X11.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006, CVE-2007-4730, CVE-2007-5760
SHA-256 | 2690245c14cccd070bbdc7a657598d08fbe2f618754259f55d88d7477ba76ece
Debian Linux Security Advisory 1466-3
Posted Jan 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-3 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (Sarge) in addition to the fixed packages for Debian stable (Etch), which were provided in DSA 1466-2.

tags | advisory
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 7cf5d67192897942775250970ee137f0418d36a2330262b64f97e3001e0038ef
Gentoo Linux Security Advisory 200801-9
Posted Jan 22, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-09 - Multiple vulnerabilities have been discovered in the X.Org X server and Xfont library, allowing for a local privilege escalation and arbitrary code execution. Versions less than 1.3.0.0-r4 are affected.

tags | advisory, arbitrary, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 7d28a99b610fcc02ab4b414215a56c997828db0b9753eaf6810776b58b6c869f
Debian Linux Security Advisory 1466-2
Posted Jan 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-2 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update fixes this problem and also references the patch for CVE-2008-0006, which was included in the previous update, but not mentioned in the advisory text.

tags | advisory
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
SHA-256 | 7880a06b59c46aba294ba5d3373d2819e546eb39e8fe850e19452ad8e5448397
Ubuntu Security Notice 571-2
Posted Jan 22, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 571-2 - USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | fbf38ace466f8679c27a645bf67eedb816d28d94e4c9f155caed68a4b00432cb
iDEFENSE Security Advisory 2008-01-17.4
Posted Jan 18, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 01.17.08 - Local exploitation of an invalid array index vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the XFree86-Misc extension. When processing a request, a 32-bit value from the client's request is used as an index into an array of structures. This structure contains an array of function pointers, one of which is used later in the request handling. By supplying a large array index, an arbitrary function pointer can be dereferenced. This results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3. Previous versions may also be affected.

tags | advisory, arbitrary, local, root
advisories | CVE-2007-5760
SHA-256 | b1bca06565d2f165aedea3eb15eab5d2d20441857d50764b8dc053baf339d3f8
Ubuntu Security Notice 571-1
Posted Jan 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 571-1 - Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges.

tags | advisory, overflow, local, root
systems | linux, ubuntu
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | ed802d7374761fc7f216b15cd6a5443aef8801fd64dc5cd436bba1141cfd5934
Debian Linux Security Advisory 1466-1
Posted Jan 18, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-1 - Several local vulnerabilities have been discovered in the X.Org X server.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
SHA-256 | e6e2a481ccdd75f77778bd93cac243335052c16bf8480c3180dbf7cf634d7cfa
SUSE-SA-2008-003.txt
Posted Jan 18, 2008
Site suse.com

SUSE Security Announcement - The X windows system is vulnerable to several kinds of vulnerabilities that are caused due to insufficient input validation.

tags | advisory, vulnerability
systems | linux, windows, suse
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | db2211cc4f2a6baa5e2ef0ab490f4d619771e3e98a80aaa7ce517e872678b0f7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close