FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6428

This CVE name corresponds to:

Entered Topic
2008-01-23 xorg -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-6428
Phase Assigned (20071218)

Description

The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.

References

Source Reference
IDEFENSE 20080117 Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability
BUGTRAQ 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
MLIST [xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=204362
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm
CONFIRM https://issues.rpath.com/browse/RPL-2010
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
APPLE APPLE-SA-2008-03-18
DEBIAN DSA-1466
FEDORA FEDORA-2008-0760
FEDORA FEDORA-2008-0831
GENTOO GLSA-200801-09
GENTOO GLSA-200804-05
GENTOO GLSA-200805-07
MANDRIVA MDVSA-2008:021
MANDRIVA MDVSA-2008:022
MANDRIVA MDVSA-2008:023
MANDRIVA MDVSA-2008:025
OPENBSD [4.1] 20080208 012: SECURITY FIX: February 8, 2008
OPENBSD [4.2] 20080208 006: SECURITY FIX: February 8, 2008
REDHAT RHSA-2008:0029
REDHAT RHSA-2008:0030
REDHAT RHSA-2008:0031
SUNALERT 103200
SUNALERT 200153
SUSE SUSE-SA:2008:003
SUSE SUSE-SR:2008:003
SUSE SUSE-SR:2008:008
UBUNTU USN-571-1
BID 27336
BID 27355
OVAL oval:org.mitre.oval:def:11754
VUPEN ADV-2008-0179
VUPEN ADV-2008-0184
VUPEN ADV-2008-0497
VUPEN ADV-2008-0703
VUPEN ADV-2008-0924
SECTRACK 1019232
SECUNIA 28532
SECUNIA 28535
SECUNIA 28536
SECUNIA 28539
SECUNIA 28540
SECUNIA 28542
SECUNIA 28543
SECUNIA 28550
SECUNIA 28273
SECUNIA 28592
SECUNIA 28616
SECUNIA 28584
SECUNIA 28693
SECUNIA 28718
SECUNIA 28838
SECUNIA 28843
SECUNIA 28885
SECUNIA 28941
SECUNIA 29139
SECUNIA 29420
SECUNIA 29622
SECUNIA 29707
SECUNIA 30161
XF xorg-togcup-information-disclosure(39761)