X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Generic) > X

X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents

SecurityTracker Alert ID: 1020246

SecurityTracker URL: http://securitytracker.com/id/1020246

CVE Reference: CVE-2008-1379 (Links to External Site)

Date: Jun 11 2008

Impact: Disclosure of system information, Disclosure of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): X11R7.3

Description: A vulnerability was reported in the X Window System. A local user or remote authenticated user can view arbitrary memory contents on the target system.

A local user or a remote authenticated user can send specially crafted data to trigger an integer overflow in the processing of ShmPutImage() requests and allow the user to view arbitrary X server memory locations.

The vendor was notified on March 26, 2008.

regenrecht reported this vulnerability via iDefense.

Impact: A local user or remote authenticated user can view arbitrary X server memory contents on the target system.

Solution: The vendor has issued the following patches.

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
MD5: 7462bea57623ad7ccdcad334ff5592b3 xorg-xserver-1.4-cve-2008-1377.diff
SHA1: 2b75985081665b8d646b5810d411047c6c150576
xorg-xserver-1.4-cve-2008-1377.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1379.diff
MD5: edb93f202b70eea8f6cb6be39b126e56 xorg-xserver-1.4-cve-2008-1379.diff
SHA1: 1ca8b8417d805e0c233bda4b980cb168ec444abd
xorg-xserver-1.4-cve-2008-1379.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
MD5: 7e45c657e587ddb85b36b0ac155ae20c xorg-xserver-1.4-cve-2008-2360.diff
SHA1: 2e8532fe737e702cb18160705cd75daed4141a4c
xorg-xserver-1.4-cve-2008-2360.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff
MD5: 0841c68a30d458918bd11747cf28bae6 xorg-xserver-1.4-cve-2008-2361.diff
SHA1: 950af2461d0bc5ff5b2b3cc40d517344a77e19f9
xorg-xserver-1.4-cve-2008-2361.diff

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff
MD5: 7c86b4b6927f1ed6e0f58c04ed984ea5 xorg-xserver-1.4-cve-2008-2362.diff
SHA1: e773f720057785062958d0fa9f29a4cb441883c8
xorg-xserver-1.4-cve-2008-2362.diff

The vendor's advisory is available at:

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html

Vendor URL: x.org/ (Links to External Site)

Cause: Access control error, Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Jun 12 2008	(Red Hat Issues Fix) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents Red Hat has released a fix for Red Hat Enterprise Linux 5.
Jun 12 2008	(Red Hat Issues Fix) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents Red Hat has released a fix for Red Hat Enterprise Linux 4.
Jun 12 2008	(Red Hat Issues Fix for XFree86) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents Red Hat has released a fix for XFree86 on Red Hat Enterprise Linux 3.
Jun 12 2008	(Red Hat Issues Fix for XFree86) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents Red Hat has released a fix for XFree86 on Red Hat Enterprise Linux 2.1.
Jun 13 2008	(Sun Issues Fix) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents Sun has issued a fix for Solaris 8, 9, and 10 and for OpenSolaris.
Jul 18 2008	(OpenBSD Issues Fix) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents OpenBSD has issued a fix for OpenBSD 4.2 and 4.3.
Nov 4 2008	(HP Issues Fix) X ShmPutImage() Integer Overflow Lets Local Users and Remote Authenticated Users View Arbitrary Memory Contents HP has issued a fix for HP-UX 11.11, 11.23, and 11.31.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2020, SecurityGlobal.net LLC