what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2007-6427

Status Candidate

Overview

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

Related Files

HP Security Bulletin 2008-00.83
Posted Nov 5, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, CVE-2008-0006, CVE-2008-1377, CVE-2008-1379
SHA-256 | ced5c6740042c0cd094d009d362b7d7685ebb91d5fe0e017b9aab934a40f69b1
Gentoo Linux Security Advisory 200801-9
Posted Mar 12, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200801-09:03 - The previous version of the X.Org X server (1.3.0.0-r4) did not properly address the integer overflow vulnerability in the MIT-SHM extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit depths. Versions less than 1.3.0.0-r5 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | ec9718e4bc7cbfde57e6fbae71ba194bdc3199ce1bdd7c9822705ba14c88559b
Mandriva Linux Security Advisory 2008-025
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and an input validation flaw were discovered in x11-server-xgl.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2007-5760
SHA-256 | 92ecb1a076f5e1d5237fd0dc8af22f189ba31dda87c81dcb4ac65d4633e134cb
Mandriva Linux Security Advisory 2008-023
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and an input validation flaw were discovered in x11-server.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2007-5760
SHA-256 | 7899a5f8c05a71db0dc6e0db3895c11521ba293b378be8e22f34b011a7f8e84c
Mandriva Linux Security Advisory 2008-022
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in xorg-X11.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006, CVE-2007-4730, CVE-2007-5760
SHA-256 | 2690245c14cccd070bbdc7a657598d08fbe2f618754259f55d88d7477ba76ece
Mandriva Linux Security Advisory 2008-021
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in XFree86.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 361ca5c5a576c2dead010393dc88fc0b7518b65926bef03bec670799801efe06
Debian Linux Security Advisory 1466-3
Posted Jan 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-3 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (Sarge) in addition to the fixed packages for Debian stable (Etch), which were provided in DSA 1466-2.

tags | advisory
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 7cf5d67192897942775250970ee137f0418d36a2330262b64f97e3001e0038ef
Gentoo Linux Security Advisory 200801-9
Posted Jan 22, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-09 - Multiple vulnerabilities have been discovered in the X.Org X server and Xfont library, allowing for a local privilege escalation and arbitrary code execution. Versions less than 1.3.0.0-r4 are affected.

tags | advisory, arbitrary, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 7d28a99b610fcc02ab4b414215a56c997828db0b9753eaf6810776b58b6c869f
Debian Linux Security Advisory 1466-2
Posted Jan 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-2 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update fixes this problem and also references the patch for CVE-2008-0006, which was included in the previous update, but not mentioned in the advisory text.

tags | advisory
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
SHA-256 | 7880a06b59c46aba294ba5d3373d2819e546eb39e8fe850e19452ad8e5448397
Ubuntu Security Notice 571-2
Posted Jan 22, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 571-2 - USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | fbf38ace466f8679c27a645bf67eedb816d28d94e4c9f155caed68a4b00432cb
iDEFENSE Security Advisory 2008-01-17.1
Posted Jan 18, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. Defense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.

tags | advisory, arbitrary, local, root, vulnerability
advisories | CVE-2007-6427
SHA-256 | 4357bff2a486d2934d0def5af55ed1b0333abfe4897f136cdcb70115231ac4b8
Ubuntu Security Notice 571-1
Posted Jan 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 571-1 - Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges.

tags | advisory, overflow, local, root
systems | linux, ubuntu
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | ed802d7374761fc7f216b15cd6a5443aef8801fd64dc5cd436bba1141cfd5934
Debian Linux Security Advisory 1466-1
Posted Jan 18, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-1 - Several local vulnerabilities have been discovered in the X.Org X server.

tags | advisory, local, vulnerability
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
SHA-256 | e6e2a481ccdd75f77778bd93cac243335052c16bf8480c3180dbf7cf634d7cfa
SUSE-SA-2008-003.txt
Posted Jan 18, 2008
Site suse.com

SUSE Security Announcement - The X windows system is vulnerable to several kinds of vulnerabilities that are caused due to insufficient input validation.

tags | advisory, vulnerability
systems | linux, windows, suse
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | db2211cc4f2a6baa5e2ef0ab490f4d619771e3e98a80aaa7ce517e872678b0f7
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close