accept no compromises
Showing 1 - 8 of 8 RSS Feed

CVE-2008-1379

Status Candidate

Overview

Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height.

Related Files

HP Security Bulletin 2008-00.83
Posted Nov 5, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, CVE-2008-0006, CVE-2008-1377, CVE-2008-1379
MD5 | 3ea7bd0d050356285bd818c942aa590c
Mandriva Linux Security Advisory 2008-179
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
MD5 | 7fa23a387b9a6aa48f33a17134658e9b
Gentoo Linux Security Advisory 200806-7
Posted Jun 19, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200806-07 - Multiple vulnerabilities have been discovered in the X.Org X server, possibly allowing for the remote execution of arbitrary code with root privileges. Versions less than 1.3.0.0-r6 are affected.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
MD5 | 573e9d1ad3a40d05a9a4e1ef02d9acf5
Mandriva Linux Security Advisory 2008-116
Posted Jun 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. In addition, this update corrects a problem that could cause memory corruption or segfaults in the render code of the vnc server on Mandriva Linux 2008.1

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
MD5 | b517657379a7aa72957fef323eea0c6a
Mandriva Linux Security Advisory 2008-115
Posted Jun 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server.

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361
MD5 | aa2f2e2ac172a337017cbc0773c50eb4
Ubuntu Security Notice 616-1
Posted Jun 13, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 616-1 - Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-1379
MD5 | a0ffdd2dfdee818f9b6d08cd37d7f402
Debian Linux Security Advisory 1595-1
Posted Jun 13, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1595-1 - Lack of validation of the parameters of the SProcSecurityGenerateAuthorization SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
MD5 | f83e5d1509dce4327dbb2137017aeeb2
iDEFENSE Security Advisory 2008-06-11.5
Posted Jun 11, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 06.11.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerability exists when creating a Pixmap in the fbShmPutImage() function. The width and height of the Pixmap, which are controlled by the user, are not properly validated to ensure that the Pixmap they define are within the bounds of the shared memory segment. This allows an attacker to read arbitrary areas of memory in the X server process. iDefense has confirmed the existence of this vulnerability in X server 1.4 included with X.org X11R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.

tags | advisory, arbitrary, local, info disclosure
advisories | CVE-2008-1379
MD5 | b97be81b56db7c21a2c2ce11144f8ca3
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close