SecurityTracker.com
Category:   Application (Generic)  >   X
Vendors:   X.org
X Integer Overflow in SProcRenderCreate Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020245
SecurityTracker URL:  http://securitytracker.com/id/1020245
CVE Reference:   CVE-2008-2362
Date:  Jun 11 2008
Impact:   Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): X11R7.3
Description:   A vulnerability was reported in the X Window System. A remote authenticated user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

A remote authenticated user can send specially crafted data to trigger an integer overflow in the SProcRenderCreateLinearGradient(), SProcRenderCreateRadialGradient() and SProcRenderCreateConicalGradient() functions and execute arbitrary code on the target X server. The code will run with the privileges of the target server (which may be root privileges on many systems).

A local user can execute arbitrary commands on the target system with elevated privileges.

The RENDER Extension is affected.
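
An added illustration of the bug class described above (not X.org's code or the vendor patch): a swapped-request handler that compares a client-supplied element count against the request length with and without an overflow guard. The function names, the 12-byte stop layout and the sample values are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout: n_stops 4-byte offsets, then n_stops 8-byte colours. */
#define OFFSET_BYTES 4u
#define COLOR_BYTES  8u
#define STOP_BYTES   (OFFSET_BYTES + COLOR_BYTES)

/* Weak check: the 32-bit product wraps modulo 2^32, so an oversized
 * count can still equal a small payload length. */
int len_matches_unchecked(uint32_t payload_len, uint32_t n_stops)
{
    return payload_len == (uint32_t)(n_stops * STOP_BYTES);
}

/* Hardened check: bound the count first so the product cannot wrap. */
int len_matches_checked(uint32_t payload_len, uint32_t n_stops)
{
    if (n_stops > UINT32_MAX / STOP_BYTES)
        return 0;
    return payload_len == n_stops * STOP_BYTES;
}

/* Byte-swap the offsets in place, as a swapped-request handler would.
 * Returns the number of stops swapped, or -1 if the request is rejected. */
long swap_stop_offsets(uint8_t *payload, uint32_t payload_len, uint32_t n_stops)
{
    if (!len_matches_checked(payload_len, n_stops))
        return -1;
    for (uint32_t i = 0; i < n_stops; i++) {
        uint8_t *p = payload + (size_t)i * OFFSET_BYTES;
        uint8_t t = p[0]; p[0] = p[3]; p[3] = t;
        t = p[1]; p[1] = p[2]; p[2] = t;
    }
    return (long)n_stops;
}

int main(void)
{
    uint8_t payload[24] = {0};          /* constructed: room for 2 stops */
    uint32_t bogus = 0x40000002u;       /* constructed: bogus * 12 wraps to 24 */
    printf("unchecked accepts bogus count: %d\n", len_matches_unchecked(24, bogus));
    printf("checked accepts bogus count:   %d\n", len_matches_checked(24, bogus));
    printf("swap with valid count 2:       %ld\n", swap_stop_offsets(payload, 24, 2));
    printf("swap with bogus count:         %ld\n", swap_stop_offsets(payload, 24, bogus));
    return 0;
}
```

The guard has to run before any loop or allocation that uses the count; comparing lengths after the multiplication is too late because the wrapped product already looks valid.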

The vendor was notified on March 26, 2008.

regenrecht reported this vulnerability via iDefense.

Impact:   A remote authenticated user can execute arbitrary code on the target system.

A local user can obtain elevated privileges on the target system.

Solution:   The vendor has issued the following patches.

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
MD5: 7462bea57623ad7ccdcad334ff5592b3 xorg-xserver-1.4-cve-2008-1377.diff
SHA1: 2b75985081665b8d646b5810d411047c6c150576 xorg-xserver-1.4-cve-2008-1377.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff
MD5: edb93f202b70eea8f6cb6be39b126e56 xorg-xserver-1.4-cve-2008-1379.diff
SHA1: 1ca8b8417d805e0c233bda4b980cb168ec444abd xorg-xserver-1.4-cve-2008-1379.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
MD5: 7e45c657e587ddb85b36b0ac155ae20c xorg-xserver-1.4-cve-2008-2360.diff
SHA1: 2e8532fe737e702cb18160705cd75daed4141a4c xorg-xserver-1.4-cve-2008-2360.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff
MD5: 0841c68a30d458918bd11747cf28bae6 xorg-xserver-1.4-cve-2008-2361.diff
SHA1: 950af2461d0bc5ff5b2b3cc40d517344a77e19f9 xorg-xserver-1.4-cve-2008-2361.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff
MD5: 7c86b4b6927f1ed6e0f58c04ed984ea5 xorg-xserver-1.4-cve-2008-2362.diff
SHA1: e773f720057785062958d0fa9f29a4cb441883c8 xorg-xserver-1.4-cve-2008-2362.diff

The vendor's advisory is available at:

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

Vendor URL:  x.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 12 2008 (Red Hat Issues Fix) X Integer Overflow in SProcRenderCreate Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code
Red Hat has released a fix for Red Hat Enterprise Linux 5.
Jun 13 2008 (Sun Issues Fix) X Integer Overflow in SProcRenderCreate Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code
Sun has issued a fix for Solaris 8, 9, and 10 and for OpenSolaris.
Jul 18 2008 (OpenBSD Issues Fix) X Integer Overflow in SProcRenderCreate Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code
OpenBSD has issued a fix for OpenBSD 4.2 and 4.3.




Copyright 2016, SecurityGlobal.net LLC