Description

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.

References

• APPLE-APPLE-SA-2008-03-18
• BID-27336
• BID-27350
• BID-27351
• BID-27352
• BID-27353
• BID-27354
• BID-27355
• BID-27356
• CVE-2007-5760
• CVE-2007-5958
• CVE-2007-6427
• CVE-2007-6428
• CVE-2007-6429
• CVE-2008-0006
• DEBIAN-DSA-1466
• OVAL-OVAL10021
• OVAL-OVAL10372
• OVAL-OVAL10991
• OVAL-OVAL11045
• OVAL-OVAL11718
• OVAL-OVAL11754
• OVAL-OVAL5393
• REDHAT-RHSA-2008:0029
• REDHAT-RHSA-2008:0030
• REDHAT-RHSA-2008:0031
• REDHAT-RHSA-2008:0064
• SUSE-SUSE-SA:2008:003
• URL: http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
• URL: http://lists.freedesktop.org/archives/xorg/2008-January/032099.html
• XF-39759
• XF-39761
• XF-39763
• XF-39764
• XF-39766
• XF-39767
• XF-39769

Solution

Related Vulnerabilities

• Gentoo Linux: CVE-2007-5760: X.Org X server and Xfont library: Multiple vulnerabilities
• Gentoo Linux: CVE-2007-5958: X.Org X server and Xfont library: Multiple vulnerabilities
• SUSE Linux Security Vulnerability: CVE-2007-6429
• OS X security update 2008-002 for X11 (CVE-2007-6427)
• OS X security update 2008-002 for X11 (CVE-2007-6428)
• SUSE Linux Security Advisory: SUSE-SR:2008:003
• SUSE Linux Security Vulnerability: CVE-2007-6428
• OS X security update 2008-002 for X11 (CVE-2007-6429)
• IBM AIX: X_advisory2, xorg_advisory (CVE-2007-6427): Memory leak vulnerability in AIX X-server
• ELSA-2008-0031 Important: Enterprise Linux xorg-x11-server security update
• SUSE Linux Security Vulnerability: CVE-2007-6427
• Sun Patch: X11 6.4.1_x86: Xsun patch
• HP-UX: CVE-2007-6427: Running Xserver, Remote Execution of Arbitrary Code
• SUSE Linux Security Advisory: SUSE-SR:2008:008
• ELSA-2008-0029 Important: Enterprise Linux XFree86 security update
• SUSE Linux Security Vulnerability: CVE-2008-0006
• Sun Patch: X11 6.6.2_x86: Xsun patch
• ELSA-2008-0064 Important: Enterprise Linux libXfont security update
• Sun Patch: X11 6.6.2: Xsun patch
• SUSE-SA:2008:003: Xorg and XFree
• SUSE-SR:2008:003:vuln9: NX also affected by X.org security problems
• OS X security update 2008-002 for X11 (CVE-2008-0006)
• OS X security update 2008-002 for X11 (CVE-2007-5958)
• ELSA-2008-0030 Important: Enterprise Linux xorg-x11 security update
• HP-UX: CVE-2007-6429: Running Xserver, Remote Execution of Arbitrary Code
• IBM AIX: xorg_advisory (CVE-2007-6429): Multiple vulnerabilities in the X server
• Sun Patch: X11 6.7.0_x86: Xorg patch
• CESA-2008:0030: RHSA-2008:0030
• SUSE Linux Security Vulnerability: CVE-2007-5760
• RHSA-2008:0029: XFree86 security update
• HP-UX: CVE-2007-5958: Running Xserver, Remote Execution of Arbitrary Code
• Sun Patch: X11 6.6.1_x86: Xsun patch
• Gentoo Linux: CVE-2007-6429: X.Org X server and Xfont library: Multiple vulnerabilities
• Sun Patch: X11 6.4.1: Xsun patch
• HP-UX: CVE-2008-0006: Running Xserver, Remote Execution of Arbitrary Code
• CESA-2008:0031: xorg-x11-server security update
• Gentoo Linux: CVE-2007-6427: X.Org X server and Xfont library: Multiple vulnerabilities
• Gentoo Linux: CVE-2007-6428: X.Org X server and Xfont library: Multiple vulnerabilities
• RHSA-2008:0030: xorg-x11 security update
• USN-571-1: X.org vulnerabilities
• Sun Patch: X11 6.8.0_x86: Xorg server patch
• CESA-2008:0029: XFree86 security update
• Sun Patch: X11 6.6.1: Xsun patch
• SUSE Linux Security Vulnerability: CVE-2007-5958
• Sun Patch: X11 6.8.0: Xorg server patch
• RHSA-2008:0031: xorg-x11-server security update
• SUSE-SR:2008:008:vuln4: xgl various X related security fixes
• CESA-2008:0064: libXfont security update
• Gentoo Linux: CVE-2008-0006: X.Org X server and Xfont library: Multiple vulnerabilities
• SUSE Linux Security Advisory: SUSE-SA:2008:003
• RHSA-2008:0064: libXfont security update