Rapid7 Vulnerability & Exploit Database

RHSA-2008:0504: xorg-x11-server security update


Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/16/2008
Created: 07/25/2018
Added: 07/08/2008
Modified: 07/04/2017

Description

X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon.

An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361, CVE-2008-2362)

An input validation flaw was discovered in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory. This could result in the sensitive data of other users of the X.org server being disclosed. (CVE-2008-1379)

Users of xorg-x11-server should upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution(s)

  • redhat-upgrade-xorg-x11-server-randr-source
  • redhat-upgrade-xorg-x11-server-sdk
  • redhat-upgrade-xorg-x11-server-xdmx
  • redhat-upgrade-xorg-x11-server-xephyr
  • redhat-upgrade-xorg-x11-server-xnest
  • redhat-upgrade-xorg-x11-server-xorg
  • redhat-upgrade-xorg-x11-server-xvfb
