PT-2007-7515 · Xfree86+3 · Xfree86-Sdk+28
Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2008-1377
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
XFree86-twm versions 4.1.0 through 4.3.0
XFree86-sdk versions 4.1.0 through 4.3.0
XFree86-doc versions 4.1.0 through 4.3.0
XFree86-devel versions 4.1.0 through 4.3.0
XFree86-font-utils version 4.3.0
XFree86-xf86cfg version 4.1.0
XFree86-libs versions 4.1.0 through 4.3.0
XFree86-tools versions 4.1.0 through 4.3.0
XFree86-xdm versions 4.1.0 through 4.3.0
XFree86-xfs versions 4.1.0 through 4.3.0
XFree86-Xvfb versions 4.1.0 through 4.3.0
XFree86-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-100dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-14-75dpi-fonts version 4.3.0
XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-9-100dpi-fonts versions 4.1.0 through 4.3.0
XFree86-ISO8859-14-100dpi-fonts version 4.3.0
XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.3.0
xorg-x11-server versions prior to 1.3.0.0-r6
xorg-x11-server-Xorg version 1.1.1
xorg-x11-server-Xvfb version 1.1.1
xorg-x11-server-Xnest version 1.1.1
xorg-x11-server-Xdmx version 1.1.1
xorg-x11-server-Xephyr version 1.1.1
Description
The issue allows context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. The SProcRecordCreateContext and SProcRecordRegisterClients functions in the Record extension and the SProcSecurityGenerateAuthorization function in the Security extension in the X server are affected. The vulnerabilities can be exploited remotely.
Recommendations
For XFree86-twm versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-sdk versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-doc versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-devel versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-font-utils version 4.3.0, update to a version outside this range.
For XFree86-xf86cfg version 4.1.0, update to a version outside this range.
For XFree86-libs versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-tools versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-xdm versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-xfs versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-Xvfb versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-ISO8859-14-75dpi-fonts version 4.3.0, update to a version outside this range.
For XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-ISO8859-9-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For XFree86-ISO8859-14-100dpi-fonts version 4.3.0, update to a version outside this range.
For XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.3.0, update to a version outside this range.
For xorg-x11-server versions prior to 1.3.0.0-r6, update to version 1.3.0.0-r6 or later.
For xorg-x11-server-Xorg version 1.1.1, update to a version outside this range.
For xorg-x11-server-Xvfb version 1.1.1, update to a version outside this range.
For xorg-x11-server-Xnest version 1.1.1, update to a version outside this range.
For xorg-x11-server-Xdmx version 1.1.1, update to a version outside this range.
For xorg-x11-server-Xephyr version 1.1.1, update to a version outside this range.
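The bug class named in the Description (a byte-swap loop driven by a client-supplied length) can be shown with a simplified model; this is an added example, not X server code or the vendor patch. The request layout, `req_header`, `swap_items_unchecked` and `swap_items_checked` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request layout (an assumption for this example, not the
 * X11 wire format): a 4-byte header followed by 32-bit items. */
typedef struct {
    uint16_t opcode;
    uint16_t n_items;   /* client-controlled count of 32-bit items */
} req_header;

static void swap32(uint8_t *p) {
    uint8_t t;
    t = p[0]; p[0] = p[3]; p[3] = t;
    t = p[1]; p[1] = p[2]; p[2] = t;
}

/* Unchecked form: trusts n_items, so a large count makes the loop
 * rewrite heap memory past the end of the received request. */
void swap_items_unchecked(uint8_t *req) {
    req_header h;
    memcpy(&h, req, sizeof h);
    for (size_t i = 0; i < h.n_items; i++)
        swap32(req + sizeof h + 4 * i);
}

/* Checked form: the count must fit in the bytes actually received.
 * Returns 0 on success, -1 if the request is rejected untouched. */
int swap_items_checked(uint8_t *req, size_t received) {
    req_header h;
    if (received < sizeof h)
        return -1;
    memcpy(&h, req, sizeof h);
    if ((size_t)h.n_items > (received - sizeof h) / 4)
        return -1;
    for (size_t i = 0; i < h.n_items; i++)
        swap32(req + sizeof h + 4 * i);
    return 0;
}

int main(void) {
    /* Constructed sample: header claims 0xFFFF items, 8 bytes follow. */
    uint8_t req[12] = {0};
    req_header h = {1, 0xFFFF};
    memcpy(req, &h, sizeof h);
    return swap_items_checked(req, sizeof req) == -1 ? 0 : 1;
}
```

The comparison divides the remaining byte count instead of multiplying the client's count, so the check itself cannot overflow.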
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Hp-Ux
Red Hat
Xfree86-100Dpi-Fonts
Xfree86-75Dpi-Fonts
Xfree86-Iso8859-14-100Dpi-Fonts
Xfree86-Iso8859-14-75Dpi-Fonts
Xfree86-Iso8859-15-100Dpi-Fonts
Xfree86-Iso8859-15-75Dpi-Fonts
Xfree86-Iso8859-2-100Dpi-Fonts
Xfree86-Iso8859-2-75Dpi-Fonts
Xfree86-Iso8859-9-100Dpi-Fonts
Xfree86-Iso8859-9-75Dpi-Fonts
Xfree86-Xvfb
Xfree86-Devel
Xfree86-Doc
Xfree86-Font-Utils
Xfree86-Libs
Xfree86-Sdk
Xfree86-Tools
Xfree86-Twm
Xfree86-Xdm
Xfree86-Xf86Cfg
Xfree86-Xfs
Xorg-X11-Server
Xorg-X11-Server-Xdmx
Xorg-X11-Server-Xephyr
Xorg-X11-Server-Xnest
Xorg-X11-Server-Xorg
Xorg-X11-Server-Xvfb