X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents
|
SecurityTracker Alert ID: 1020246
SecurityTracker URL: http://securitytracker.com/id/1020246
|
CVE Reference: CVE-2008-1379
|
Date: Jun 11 2008
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): X11R7.3
|
Description:
A vulnerability was reported in the X Window System. A local user or remote authenticated user can view arbitrary memory contents on the target system.
A local user or a remote authenticated user can send specially crafted data that triggers an integer overflow in the processing of ShmPutImage() requests, allowing the user to view arbitrary X server memory locations.
The vendor was notified on March 26, 2008.
regenrecht reported this vulnerability via iDefense.
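The bug class named above, shown as an added example: this is not the X server's code or the vendor's patch. The struct, field names and both functions are hypothetical, and the sizes are constructed. A request supplies an offset, a row stride and a row count, and the check must confirm the image lies inside a shared segment of known size.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request fields; not the X server's real structures. */
struct img_req {
    uint32_t offset;   /* start of the image inside the shared segment */
    uint32_t stride;   /* bytes per row */
    uint32_t rows;     /* number of rows */
};

/* Weak check: stride * rows is computed in 32 bits and can wrap,
 * so an oversized image can appear to need very few bytes. */
int check_wrapping(const struct img_req *r, uint32_t seg_size)
{
    uint32_t need = r->stride * r->rows;   /* wraps modulo 2^32 */
    return r->offset + need <= seg_size;   /* the sum can wrap as well */
}

/* Hardened check: no multiplication or addition that can wrap.
 * The remaining room is found by subtraction, then divided by rows. */
int check_safe(const struct img_req *r, uint32_t seg_size)
{
    if (r->offset > seg_size)
        return 0;
    uint32_t room = seg_size - r->offset;
    if (r->rows == 0 || r->stride == 0)
        return 1;                          /* empty image reads nothing */
    return r->stride <= room / r->rows;
}

int main(void)
{
    uint32_t seg = 4096;                          /* constructed segment size */
    struct img_req ok  = { 0, 64, 64 };           /* 4096 bytes: fits exactly */
    struct img_req big = { 0, 0x10000, 0x10000 }; /* 2^32 bytes: product wraps to 0 */

    printf("ok : wrapping=%d safe=%d\n",
           check_wrapping(&ok, seg), check_safe(&ok, seg));
    printf("big: wrapping=%d safe=%d\n",
           check_wrapping(&big, seg), check_safe(&big, seg));
    return 0;
}
```

The wrapping check accepts the oversized request because the 32-bit product is zero; the division-based check rejects it.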
|
Impact:
A local user or remote authenticated user can view arbitrary X server memory contents on the target system.
|
Solution:
The vendor has issued the following patches.
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
MD5: 7462bea57623ad7ccdcad334ff5592b3 xorg-xserver-1.4-cve-2008-1377.diff
SHA1: 2b75985081665b8d646b5810d411047c6c150576 xorg-xserver-1.4-cve-2008-1377.diff
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff
MD5: edb93f202b70eea8f6cb6be39b126e56 xorg-xserver-1.4-cve-2008-1379.diff
SHA1: 1ca8b8417d805e0c233bda4b980cb168ec444abd xorg-xserver-1.4-cve-2008-1379.diff
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
MD5: 7e45c657e587ddb85b36b0ac155ae20c xorg-xserver-1.4-cve-2008-2360.diff
SHA1: 2e8532fe737e702cb18160705cd75daed4141a4c xorg-xserver-1.4-cve-2008-2360.diff
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff
MD5: 0841c68a30d458918bd11747cf28bae6 xorg-xserver-1.4-cve-2008-2361.diff
SHA1: 950af2461d0bc5ff5b2b3cc40d517344a77e19f9 xorg-xserver-1.4-cve-2008-2361.diff
ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff
MD5: 7c86b4b6927f1ed6e0f58c04ed984ea5 xorg-xserver-1.4-cve-2008-2362.diff
SHA1: e773f720057785062958d0fa9f29a4cb441883c8 xorg-xserver-1.4-cve-2008-2362.diff
The vendor's advisory is available at:
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
|
Vendor URL: x.org/
|
Cause:
Access control error, Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|