oval:org.mitre.oval:def:8313

Definition Id: oval:org.mitre.oval:def:8313

Oval ID:	oval:org.mitre.oval:def:8313
Title:	DSA-1595 xorg-server -- several vulnerabilities
Description:	Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems: Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.
Family:	unix	Class:	patch
Reference(s):	DSA-1595 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	xorg-server
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Packages section xserver-xorg-core is earlier than 1.1.1-21etch5 AND xdmx is earlier than 1.1.1-21etch5 AND xserver-xorg-dev is earlier than 1.1.1-21etch5 AND xvfb is earlier than 1.1.1-21etch5 AND xnest is earlier than 1.1.1-21etch5 AND xserver-xephyr is earlier than 1.1.1-21etch5 AND xdmx-tools is earlier than 1.1.1-21etch5

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:8313

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0216s

Facebook rss twitter linkedin mail