English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61171
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1595-1)
Summary:The remote host is missing an update for the Debian 'xorg-server' package(s) announced via the DSA-1595-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'xorg-server' package(s) announced via the DSA-1595-1 advisory.

Vulnerability Insight:
Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-1377

Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption.

CVE-2008-1379

An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space.

CVE-2008-2360

An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow.

CVE-2008-2361

An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server.

CVE-2008-2362

Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.

For the stable distribution (etch), these problems have been fixed in version 2:1.1.1-21etch5.

For the unstable distribution (sid), these problems have been fixed in version 2:1.4.1~
git20080517-2.

We recommend that you upgrade your xorg-server package.

Affected Software/OS:
'xorg-server' package(s) on Debian 4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1377
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Bugtraq: 20080620 rPSA-2008-0200-1 xorg-server (Google Search)
http://www.securityfocus.com/archive/1/493548/100/0/threaded
Bugtraq: 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/493550/100/0/threaded
Debian Security Information: DSA-1595 (Google Search)
http://www.debian.org/security/2008/dsa-1595
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
HPdes Security Advisory: HPSBUX02381
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
HPdes Security Advisory: SSRT080083
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109
RedHat Security Advisories: RHSA-2008:0502
http://rhn.redhat.com/errata/RHSA-2008-0502.html
http://www.redhat.com/support/errata/RHSA-2008-0503.html
RedHat Security Advisories: RHSA-2008:0504
http://rhn.redhat.com/errata/RHSA-2008-0504.html
RedHat Security Advisories: RHSA-2008:0512
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://securitytracker.com/id?1020247
http://secunia.com/advisories/30627
http://secunia.com/advisories/30628
http://secunia.com/advisories/30629
http://secunia.com/advisories/30630
http://secunia.com/advisories/30637
http://secunia.com/advisories/30659
http://secunia.com/advisories/30664
http://secunia.com/advisories/30666
http://secunia.com/advisories/30671
http://secunia.com/advisories/30715
http://secunia.com/advisories/30772
http://secunia.com/advisories/30809
http://secunia.com/advisories/30843
http://secunia.com/advisories/31025
http://secunia.com/advisories/31109
http://secunia.com/advisories/32099
http://secunia.com/advisories/32545
http://secunia.com/advisories/33937
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
SuSE Security Announcement: SUSE-SA:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://www.ubuntu.com/usn/usn-616-1
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
http://www.vupen.com/english/advisories/2008/3000
Common Vulnerability Exposure (CVE) ID: CVE-2008-1379
BugTraq ID: 29669
http://www.securityfocus.com/bid/29669
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722
http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8966
http://securitytracker.com/id?1020246
XForce ISS Database: xorg-fbshmputimage-information-disclosure(43016)
https://exchange.xforce.ibmcloud.com/vulnerabilities/43016
Common Vulnerability Exposure (CVE) ID: CVE-2008-2360
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329
http://securitytracker.com/id?1020243
Common Vulnerability Exposure (CVE) ID: CVE-2008-2361
BugTraq ID: 29665
http://www.securityfocus.com/bid/29665
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978
http://securitytracker.com/id?1020244
Common Vulnerability Exposure (CVE) ID: CVE-2008-2362
BugTraq ID: 29670
http://www.securityfocus.com/bid/29670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11246
http://securitytracker.com/id?1020245
CopyrightCopyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.