FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2362

This CVE name corresponds to:

Entered Topic
2008-06-15 xorg -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-2362
Phase Assigned (20080521)

Description

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

References

Source Reference
IDEFENSE 20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
BUGTRAQ 20080620 rPSA-2008-0200-1 xorg-server
BUGTRAQ 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
MLIST [xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions
CONFIRM ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
CONFIRM https://issues.rpath.com/browse/RPL-2607
CONFIRM https://issues.rpath.com/browse/RPL-2619
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
CONFIRM http://support.apple.com/kb/HT3438
APPLE APPLE-SA-2009-02-12
DEBIAN DSA-1595
GENTOO GLSA-200806-07
GENTOO GLSA-200807-07
MANDRIVA MDVSA-2008:116
MANDRIVA MDVSA-2008:179
REDHAT RHSA-2008:0504
SUNALERT 238686
SUSE SUSE-SA:2008:027
SUSE SUSE-SR:2008:019
UBUNTU USN-616-1
BID 29670
OVAL oval:org.mitre.oval:def:11246
VUPEN ADV-2008-1803
VUPEN ADV-2008-1833
VUPEN ADV-2008-1983
SECTRACK 1020245
SECUNIA 30627
SECUNIA 30630
SECUNIA 30637
SECUNIA 30659
SECUNIA 30664
SECUNIA 30666
SECUNIA 30671
SECUNIA 30715
SECUNIA 30772
SECUNIA 30809
SECUNIA 30843
SECUNIA 31109
SECUNIA 32099
SECUNIA 31025
SECUNIA 33937