FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2360

This CVE name corresponds to:

Entered Topic
2008-06-15 xorg -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-2360
Phase Assigned (20080521)

Description

Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow.

References

Source Reference
IDEFENSE 20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability
BUGTRAQ 20080620 rPSA-2008-0200-1 xorg-server
BUGTRAQ 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
MLIST [xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
CONFIRM ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
CONFIRM https://issues.rpath.com/browse/RPL-2607
CONFIRM https://issues.rpath.com/browse/RPL-2619
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2009-02-12
DEBIAN DSA-1595
GENTOO GLSA-200806-07
GENTOO GLSA-200807-07
MANDRIVA MDVSA-2008:116
MANDRIVA MDVSA-2008:115
MANDRIVA MDVSA-2008:179
REDHAT RHSA-2008:0502
REDHAT RHSA-2008:0504
REDHAT RHSA-2008:0512
REDHAT RHSA-2008:0503
SUNALERT 238686
SUSE SUSE-SA:2008:027
SUSE SUSE-SR:2008:019
UBUNTU USN-616-1
OVAL oval:org.mitre.oval:def:9329
VUPEN ADV-2008-1803
VUPEN ADV-2008-1833
VUPEN ADV-2008-1983
SECTRACK 1020243
SECUNIA 30627
SECUNIA 30628
SECUNIA 30629
SECUNIA 30630
SECUNIA 30637
SECUNIA 30659
SECUNIA 30664
SECUNIA 30666
SECUNIA 30671
SECUNIA 30715
SECUNIA 30772
SECUNIA 30809
SECUNIA 30843
SECUNIA 31109
SECUNIA 32099
SECUNIA 31025
SECUNIA 33937