what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2008-2360

Status Candidate

Overview

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.

Related Files

Mandriva Linux Security Advisory 2008-179
Posted Aug 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them.

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
SHA-256 | 21ab26995f3e8ac3cf68bea088a9613c7a17cdd32ee933bb7754a04a8a14dea0
Gentoo Linux Security Advisory 200806-7
Posted Jun 19, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200806-07 - Multiple vulnerabilities have been discovered in the X.Org X server, possibly allowing for the remote execution of arbitrary code with root privileges. Versions less than 1.3.0.0-r6 are affected.

tags | advisory, remote, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
SHA-256 | c436c08a829831b69be8b3fbef436c0feeb53912329ac936cbc711ea80355b96
Mandriva Linux Security Advisory 2008-116
Posted Jun 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. In addition, this update corrects a problem that could cause memory corruption or segfaults in the render code of the vnc server on Mandriva Linux 2008.1

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
SHA-256 | 5ffea7cb2bcdc6377984292956c0256c79820cff0d71079514b6e9198832c821
Mandriva Linux Security Advisory 2008-115
Posted Jun 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server.

tags | advisory, denial of service, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361
SHA-256 | e0eb11d8b1184320ed2e29b9902a06050ddda7312561602b4589d9c728f495d3
Ubuntu Security Notice 616-1
Posted Jun 13, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 616-1 - Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-1379
SHA-256 | e68afa4a3b9f564a0925b4738fb8574270851a397d02743a5151ba59b408b24a
Debian Linux Security Advisory 1595-1
Posted Jun 13, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1595-1 - Lack of validation of the parameters of the SProcSecurityGenerateAuthorization SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
SHA-256 | 8bb80d9e191b414bb1fc52ae160f8716e0f93880b309bf094fa85c41663b059f
iDEFENSE Security Advisory 2008-06-11.1
Posted Jun 11, 2008
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 06.11.08 - Local exploitation of an integer overflow vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the AllocateGlyph() function, which is called from several request handlers in the render extension. This function takes several values from the request, and multiplies them together to calculate how much memory to allocate for a heap buffer. This calculation can overflow, which leads to a heap overflow. iDefense has confirmed the existence of this vulnerability in X server 1.4 included with X.org X11R7.3, with all patches as of 03/01/08 applied. Previous versions may also be affected.

tags | advisory, overflow, arbitrary, local, root
advisories | CVE-2008-2360
SHA-256 | 8af2a005f2bcb28930e75e027ff46599b31bf9c3361ab9c6cb6a2f8bbff1df5d
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close