Vulnerability Details : CVE-2008-1377
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Vulnerability category: Execute code
Products affected by CVE-2008-1377
- cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1377
- 2.37%: Probability of exploitation activity in the next 30 days
- ~84%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1377
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2008-1377
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1377
- http://rhn.redhat.com/errata/RHSA-2008-0502.html
  RHSA-2008:0502 - Security Advisory - Red Hat Customer Portal [Patch]
- http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
  NX: User-assisted execution of arbitrary code (GLSA 200807-07) — Gentoo security
- http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
  ASA-2008-249 (SUN 238686)
- http://secunia.com/advisories/32545
- http://secunia.com/advisories/31025
- http://secunia.com/advisories/31109
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109
- http://security.gentoo.org/glsa/glsa-200806-07.xml
  X.Org X server: Multiple vulnerabilities (GLSA 200806-07) — Gentoo security
- http://secunia.com/advisories/30671
- http://secunia.com/advisories/30630
  [Vendor Advisory]
- ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
  Mandriva
- http://secunia.com/advisories/30664
  [Vendor Advisory]
- http://securitytracker.com/id?1020247
- https://issues.rpath.com/browse/RPL-2607
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
  [security-announce] SUSE Security Announcement: X.org/XFree86 security problems (SUSE-SA:2008:027) - openSUSE Security Announce - openSUSE Mailing Lists [Patch]
- http://www.vupen.com/english/advisories/2008/1833
- http://www.securityfocus.com/archive/1/493550/100/0/threaded
- http://www.ubuntu.com/usn/usn-616-1
  USN-616-1: X.org vulnerabilities | Ubuntu security notices | Ubuntu [Patch]
- http://secunia.com/advisories/30629
  [Vendor Advisory]
- http://secunia.com/advisories/32099
- http://www.vupen.com/english/advisories/2008/1983/references
- http://secunia.com/advisories/30666
  [Vendor Advisory]
- http://www.securityfocus.com/archive/1/493548/100/0/threaded
- http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
  button->down used inconsistently
- http://www.vupen.com/english/advisories/2008/1803
- http://secunia.com/advisories/30715
- http://secunia.com/advisories/30772
- http://secunia.com/advisories/33937
- https://issues.rpath.com/browse/RPL-2619
- http://secunia.com/advisories/30628
  [Vendor Advisory]
- http://www.debian.org/security/2008/dsa-1595
  [SECURITY] [DSA 1595-1] New xorg-server packages fix several vulnerabilities [Patch]
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
- http://rhn.redhat.com/errata/RHSA-2008-0504.html
  RHSA-2008:0504 - Security Advisory - Red Hat Customer Portal
- http://support.apple.com/kb/HT3438
  About the security content of Security Update 2009-001 - Apple Support
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/30627
  [Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
  Mandriva
- http://secunia.com/advisories/30659
  [Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2008-0512.html
  RHSA-2008:0512 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2008:019 - openSUSE Security Announce - openSUSE Mailing Lists
- http://secunia.com/advisories/30637
  [Vendor Advisory]
- http://www.redhat.com/support/errata/RHSA-2008-0503.html
- http://www.vupen.com/english/advisories/2008/3000
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
- http://secunia.com/advisories/30809
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
- http://secunia.com/advisories/30843
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321