Vulnerabilidad en X-window X.org (CVE-2008-2360)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-189
Errores numéricos
Fecha de publicación:
16/06/2008
Última modificación:
09/04/2025
Descripción
Desboramiento de entero en la función AllocateGlyph de la extensión Render del servidor X-window 1.4 en X.org X11R7.3 permite a atacantes, dependiendo del contexto, ejecutar código arbitrario a través de campos de solicitud no especificados, que son usados para calcular el tamaño del montículo del buffer, que dispara un desbordamiento de buffer basado en montículo.
Impacto
Puntuación base 2.0
9.00
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2008-0502.html
- http://rhn.redhat.com/errata/RHSA-2008-0504.html
- http://rhn.redhat.com/errata/RHSA-2008-0512.html
- http://secunia.com/advisories/30627
- http://secunia.com/advisories/30628
- http://secunia.com/advisories/30629
- http://secunia.com/advisories/30630
- http://secunia.com/advisories/30637
- http://secunia.com/advisories/30659
- http://secunia.com/advisories/30664
- http://secunia.com/advisories/30666
- http://secunia.com/advisories/30671
- http://secunia.com/advisories/30715
- http://secunia.com/advisories/30772
- http://secunia.com/advisories/30809
- http://secunia.com/advisories/30843
- http://secunia.com/advisories/31025
- http://secunia.com/advisories/31109
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/33937
- http://security.gentoo.org/glsa/glsa-200806-07.xml
- http://securitytracker.com/id?1020243=
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
- http://support.apple.com/kb/HT3438
- http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
- http://www.debian.org/security/2008/dsa-1595
- http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A115
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A116
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A179
- http://www.redhat.com/support/errata/RHSA-2008-0503.html
- http://www.securityfocus.com/archive/1/493548/100/0/threaded
- http://www.securityfocus.com/archive/1/493550/100/0/threaded
- http://www.ubuntu.com/usn/usn-616-1
- http://www.vupen.com/english/advisories/2008/1803
- http://www.vupen.com/english/advisories/2008/1833
- http://www.vupen.com/english/advisories/2008/1983/references
- https://issues.rpath.com/browse/RPL-2607
- https://issues.rpath.com/browse/RPL-2619
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329
- ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
- http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2008-0502.html
- http://rhn.redhat.com/errata/RHSA-2008-0504.html
- http://rhn.redhat.com/errata/RHSA-2008-0512.html
- http://secunia.com/advisories/30627
- http://secunia.com/advisories/30628
- http://secunia.com/advisories/30629
- http://secunia.com/advisories/30630
- http://secunia.com/advisories/30637
- http://secunia.com/advisories/30659
- http://secunia.com/advisories/30664
- http://secunia.com/advisories/30666
- http://secunia.com/advisories/30671
- http://secunia.com/advisories/30715
- http://secunia.com/advisories/30772
- http://secunia.com/advisories/30809
- http://secunia.com/advisories/30843
- http://secunia.com/advisories/31025
- http://secunia.com/advisories/31109
- http://secunia.com/advisories/32099
- http://secunia.com/advisories/33937
- http://security.gentoo.org/glsa/glsa-200806-07.xml
- http://securitytracker.com/id?1020243=
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
- http://support.apple.com/kb/HT3438
- http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
- http://www.debian.org/security/2008/dsa-1595
- http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A115
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A116
- http://www.mandriva.com/security/advisories?name=MDVSA-2008%3A179
- http://www.redhat.com/support/errata/RHSA-2008-0503.html
- http://www.securityfocus.com/archive/1/493548/100/0/threaded
- http://www.securityfocus.com/archive/1/493550/100/0/threaded
- http://www.ubuntu.com/usn/usn-616-1
- http://www.vupen.com/english/advisories/2008/1803
- http://www.vupen.com/english/advisories/2008/1833
- http://www.vupen.com/english/advisories/2008/1983/references
- https://issues.rpath.com/browse/RPL-2607
- https://issues.rpath.com/browse/RPL-2619
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329