Vulnerability Details : CVE-2008-2361

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
Publish Date : 2008-06-16 Last Update Date : 2018-10-11

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	6.8
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceOverflow
CWE ID	189

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	important			2008-04-03	2008-06-11

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
CVE-2008-2361	oval:org.opensuse.security:def:20082361	unix
DSA-1595 xorg-server -- several vulnerabilities	oval:org.mitre.oval:def:8313	unix
DSA-1595-1 xorg-server - several vulnerabilities	oval:org.mitre.oval:def:20128	unix
ELSA-2008:0504: xorg-x11-server security update (Important)	oval:org.mitre.oval:def:21810	unix
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 all...	oval:org.mitre.oval:def:8978	unix
RHSA-2008:0502: XFree86 security update (Important)	oval:com.redhat.rhsa:def:20080502	unix
RHSA-2008:0503: xorg-x11 security update (Important)	oval:com.redhat.rhsa:def:20080503	unix
RHSA-2008:0504: xorg-x11-server security update (Important)	oval:com.redhat.rhsa:def:20080504	unix
USN-616-1 -- xorg-server vulnerabilities	oval:org.mitre.oval:def:17578	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2008-2361

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Xorg	X11	R7.3				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Xorg	X11	1

- References For CVE-2008-2361

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201 CONFIRM

http://security.gentoo.org/glsa/glsa-200806-07.xml
GENTOO GLSA-200806-07

http://securitytracker.com/id?1020244
SECTRACK 1020244

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
MLIST [xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions

https://issues.rpath.com/browse/RPL-2607 CONFIRM

https://issues.rpath.com/browse/RPL-2619 CONFIRM

http://www.vupen.com/english/advisories/2008/1983/references
VUPEN ADV-2008-1983

http://www.vupen.com/english/advisories/2008/1833
VUPEN ADV-2008-1833

http://www.securityfocus.com/bid/29665
BID 29665 X.Org X Server RENDER Extension 'ProcRenderCreateCursor()' Denial of Service Vulnerability Release Date:2010-06-04

http://www.ubuntu.com/usn/usn-616-1
UBUNTU USN-616-1

http://www.vupen.com/english/advisories/2008/1803
VUPEN ADV-2008-1803

http://www.securityfocus.com/archive/1/493548/100/0/threaded
BUGTRAQ 20080620 rPSA-2008-0200-1 xorg-server

http://www.securityfocus.com/archive/1/493550/100/0/threaded
BUGTRAQ 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

http://www.redhat.com/support/errata/RHSA-2008-0503.html
REDHAT RHSA-2008:0503

http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
MANDRIVA MDVSA-2008:116

http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
MANDRIVA MDVSA-2008:179

http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
GENTOO GLSA-200807-07

http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
MANDRIVA MDVSA-2008:115

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
SUNALERT 238686

http://support.apple.com/kb/HT3438 CONFIRM

http://www.debian.org/security/2008/dsa-1595
DEBIAN DSA-1595

http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm CONFIRM

http://rhn.redhat.com/errata/RHSA-2008-0504.html
REDHAT RHSA-2008:0504

http://rhn.redhat.com/errata/RHSA-2008-0502.html
REDHAT RHSA-2008:0502

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
SUSE SUSE-SA:2008:027

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
SUSE SUSE-SR:2008:019

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff CONFIRM

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719
IDEFENSE 20080611 Multiple Vendor X Server Render Extension ProcRenderCreateCursor() Integer Overflow Vulnerability

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
APPLE APPLE-SA-2009-02-12

- Metasploit Modules Related To CVE-2008-2361

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)