Home > Vulnerability Database > CVE-2008-1377

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-1377

Date: June 16, 2008

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Severity Score

8.8

Related Resources (52)

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:116

Url: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:115

Url: http://secunia.com/advisories/31025

Url: http://secunia.com/advisories/30772

Url: https://issues.rpath.com/browse/RPL-2607

Url: http://www.ubuntu.com/usn/usn-616-1

Url: http://secunia.com/advisories/30659

Url: http://secunia.com/advisories/31109

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

Url: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

Url: ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff

Url: http://secunia.com/advisories/30843

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

Url: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

Url: http://secunia.com/advisories/32545

Url: http://www.vupen.com/english/advisories/2008/3000

Url: https://issues.rpath.com/browse/RPL-2619

Url: http://rhn.redhat.com/errata/RHSA-2008-0502.html

Url: http://secunia.com/advisories/30809

Url: http://securitytracker.com/id?1020247

Url: http://security.gentoo.org/glsa/glsa-200806-07.xml

Url: http://secunia.com/advisories/30671

Url: http://www.vupen.com/english/advisories/2008/1803

Url: http://secunia.com/advisories/32099

Url: http://www.securityfocus.com/archive/1/493550/100/0/threaded

Url: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Url: http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml

Url: http://secunia.com/advisories/30630

Url: http://www.securityfocus.com/archive/1/493548/100/0/threaded

Url: http://support.apple.com/kb/HT3438

Url: http://rhn.redhat.com/errata/RHSA-2008-0512.html

Url: http://secunia.com/advisories/30715

Url: http://secunia.com/advisories/30637

Url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721

Url: http://rhn.redhat.com/errata/RHSA-2008-0504.html

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-1377

Url: http://www.vupen.com/english/advisories/2008/1833

Url: http://secunia.com/advisories/30666

Url: http://www.vupen.com/english/advisories/2008/1983/references

Url: https://access.redhat.com/security/cve/CVE-2008-1377

Url: http://secunia.com/advisories/30664

Url: http://secunia.com/advisories/30629

Url: http://www.redhat.com/support/errata/RHSA-2008-0503.html

Url: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

Url: http://secunia.com/advisories/30627

Url: http://secunia.com/advisories/30628

Url: http://www.debian.org/security/2008/dsa-1595

Url: http://secunia.com/advisories/33937

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109

Url: https://www.mend.io/vulnerability-database/CVE-2008-1377

Severity Score

8.8

Weakness Type (CWE)

Numeric Errors

CWE-189

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us