CVE-2008-1377 : The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Published 2008-06-16 19:41:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2008-1377

X » X11 » Version: R7.3
cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1377

EPSS FAQ

2.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1377

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-1377

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1377

http://rhn.redhat.com/errata/RHSA-2008-0502.html

RHSA-2008:0502 - Security Advisory - Red Hat Customer Portal
Patch

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml

NX: User-assisted execution of arbitrary code (GLSA 200807-07) — Gentoo security

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

ASA-2008-249 (SUN 238686)

CVEs referencing this url
http://secunia.com/advisories/32545

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/31025

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/31109

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109

404 Not Found
http://security.gentoo.org/glsa/glsa-200806-07.xml

X.Org X server: Multiple vulnerabilities (GLSA 200806-07) — Gentoo security

CVEs referencing this url
http://secunia.com/advisories/30671

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/30630

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115

Mandriva

CVEs referencing this url
http://secunia.com/advisories/30664

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1020247

GoDaddy Domain Name Search
https://issues.rpath.com/browse/RPL-2607

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

[security-announce] SUSE Security Announcement: X.org/XFree86 security problems (SUSE-SA:2008:027) - openSUSE Security Announce - openSUSE Mailing Lists
Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/1833

Site en construction

CVEs referencing this url
http://www.securityfocus.com/archive/1/493550/100/0/threaded

CVEs referencing this url
http://www.ubuntu.com/usn/usn-616-1

USN-616-1: X.org vulnerabilities | Ubuntu security notices | Ubuntu
Patch

CVEs referencing this url
http://secunia.com/advisories/30629

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/32099

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/1983/references

Site en construction

CVEs referencing this url
http://secunia.com/advisories/30666

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/493548/100/0/threaded

CVEs referencing this url
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

button->down used inconsistently

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/1803

Site en construction

CVEs referencing this url
http://secunia.com/advisories/30715

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/30772

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/33937

About Secunia Research | Flexera

CVEs referencing this url
https://issues.rpath.com/browse/RPL-2619

CVEs referencing this url
http://secunia.com/advisories/30628

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1595

[SECURITY] [DSA 1595-1] New xorg-server packages fix several vulnerabilities
Patch

CVEs referencing this url
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2008-0504.html

RHSA-2008:0504 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://support.apple.com/kb/HT3438

About the security content of Security Update 2009-001 - Apple Support

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

CVEs referencing this url
http://secunia.com/advisories/30627

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116

Mandriva

CVEs referencing this url
http://secunia.com/advisories/30659

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2008-0512.html

RHSA-2008:0512 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2008:019 - openSUSE Security Announce - openSUSE Mailing Lists

CVEs referencing this url
http://secunia.com/advisories/30637

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0503.html

Support

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/3000

Site en construction

CVEs referencing this url
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
http://secunia.com/advisories/30809

About Secunia Research | Flexera

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

CVEs referencing this url
http://secunia.com/advisories/30843

About Secunia Research | Flexera

CVEs referencing this url
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2008-1377

Products affected by CVE-2008-1377

Exploit prediction scoring system (EPSS) score for CVE-2008-1377

CVSS scores for CVE-2008-1377

CWE ids for CVE-2008-1377

References for CVE-2008-1377