PT-2008-6885 · X.Org+3 · Libxaw6-Dev+86
Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2007-6427
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
xorg-server versions prior to 1.4.1
libxfont1 (affected versions not specified)
libxaw6 (affected versions not specified)
libxaw7 (affected versions not specified)
libxext6 (affected versions not specified)
libxft1 (affected versions not specified)
libx11-6 (affected versions not specified)
libxi6 (affected versions not specified)
libxp6 (affected versions not specified)
libxpm4 (affected versions not specified)
libxrandr2 (affected versions not specified)
libxt6 (affected versions not specified)
libxv1 (affected versions not specified)
libxmu6 (affected versions not specified)
libxmuu1 (affected versions not specified)
libxtrap6 (affected versions not specified)
x-window-system (affected versions not specified)
x-window-system-core (affected versions not specified)
x-window-system-dev (affected versions not specified)
xlibs (affected versions not specified)
xlibs-data (affected versions not specified)
xlibs-dev (affected versions not specified)
xlibs-dbg (affected versions not specified)
xfwp (affected versions not specified)
xfs (affected versions not specified)
xmh (affected versions not specified)
xnest (affected versions not specified)
xspecs (affected versions not specified)
xvfb (affected versions not specified)
xfonts-100dpi (affected versions not specified)
xfonts-100dpi-transcoded (affected versions not specified)
xfonts-75dpi (affected versions not specified)
xfonts-75dpi-transcoded (affected versions not specified)
xfonts-base (affected versions not specified)
xfonts-base-transcoded (affected versions not specified)
xfonts-cyrillic (affected versions not specified)
xfonts-scalable (affected versions not specified)
lbxproxy (affected versions not specified)
libdps1 (affected versions not specified)
libdps-dev (affected versions not specified)
libdps1-dbg (affected versions not specified)
libsm6 (affected versions not specified)
libsm6-dbg (affected versions not specified)
libsm-dev (affected versions not specified)
libxaw6-dbg (affected versions not specified)
libxaw6-dev (affected versions not specified)
libxaw7-dbg (affected versions not specified)
libxaw7-dev (affected versions not specified)
libxext6-dbg (affected versions not specified)
libxext-dev (affected versions not specified)
libxft1-dbg (affected versions not specified)
libx11-dev (affected versions not specified)
libx11-6-dbg (affected versions not specified)
libxi6-dbg (affected versions not specified)
libxi-dev (affected versions not specified)
libxp6-dbg (affected versions not specified)
libxp-dev (affected versions not specified)
libxpm4-dbg (affected versions not specified)
libxpm-dev (affected versions not specified)
libxrandr2-dbg (affected versions not specified)
libxrandr-dev (affected versions not specified)
libxv1-dbg (affected versions not specified)
libxv-dev (affected versions not specified)
libxt6-dbg (affected versions not specified)
libxt-dev (affected versions not specified)
libxtst6 (affected versions not specified)
libxtst6-dbg (affected versions not specified)
libxtst-dev (affected versions not specified)
libxmu-dev (affected versions not specified)
libxmu6-dbg (affected versions not specified)
libxmuu1-dbg (affected versions not specified)
libxmuu-dev (affected versions not specified)
libxtrap6-dbg (affected versions not specified)
libxtrap-dev (affected versions not specified)
xlibmesa3 (affected versions not specified)
xlibmesa3-dbg (affected versions not specified)
xlibmesa-dri (affected versions not specified)
xlibmesa-dri-dbg (affected versions not specified)
xlibmesa-gl (affected versions not specified)
xlibmesa-gl-dbg (affected versions not specified)
xlibmesa-gl-dev (affected versions not specified)
xlibmesa-glu (affected versions not specified)
xlibmesa-glu-dbg (affected versions not specified)
xlibmesa-glu-dev (affected versions not specified)
xlibosmesa4 (affected versions not specified)
xlibosmesa4-dbg (affected versions not specified)
xlibosmesa-dev (affected versions not specified)
xdm (affected versions not specified)
xdmx (affected versions not specified)
xdmx-tools (affected versions not specified)
Description
The XInput extension in X.Org Xserver prior to version 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions. This vulnerability can be exploited remotely. The issue affects multiple packages in the Debian GNU/Linux operating system, including x-window-system, x-window-system-core, x-window-system-dev, xlibs, xlibs-data, xlibs-dev, xlibs-dbg, xfwp, xfs, xmh, xnest, xspecs, xvfb, xfonts-100dpi, xfonts-100dpi-transcoded, xfonts-75dpi, xfonts-75dpi-transcoded, xfonts-base, xfonts-base-transcoded, xfonts-cyrillic, xfonts-scalable, lbxproxy, libdps1, libdps-dev, libdps1-dbg, libsm6, libsm6-dbg, libsm-dev, libxaw6, libxaw6-dbg, libxaw6-dev, libxaw7, libxaw7-dbg, libxaw7-dev, libxext6, libxext6-dbg, libxext-dev, libxft1, libxft1-dbg, libx11-6, libx11-dev, libx11-6-dbg, libxi6, libxi6-dbg, libxi-dev, libxp6, libxp6-dbg, libxp-dev, libxpm4, libxpm4-dbg, libxpm-dev, libxrandr2, libxrandr2-dbg, libxrandr-dev, libxv1, libxv1-dbg, libxv-dev, libxt6, libxt6-dbg, libxt-dev, libxtst6, libxtst6-dbg, libxtst-dev, libxmu6, libxmu6-dbg, libxmu-dev, libxmuu1, libxmuu1-dbg, libxmuu-dev, libxtrap6, libxtrap6-dbg, libxtrap-dev, xlibmesa3, xlibmesa3-dbg, xlibmesa-dri, xlibmesa-dri-dbg, xlibmesa-gl, xlibmesa-gl-dbg, xlibmesa-gl-dev, xlibmesa-glu, xlibmesa-glu-dbg, xlibmesa-glu-dev, xlibosmesa4, xlibosmesa4-dbg, xlibosmesa-dev, xdm, xdmx, xdmx-tools, proxymngr, and pm-dev.
Recommendations
As a temporary workaround, consider disabling the XInput extension until a patch is available.
Restrict access to the vulnerable packages to minimize the risk of exploitation.
Avoid using the affected packages until the issue is resolved.
Update to version 1.4.1 or later of the xorg-server package.
For each affected package, update to the latest version or apply the recommended patch.
Apply the recommended configuration changes and workarounds to mitigate the risk of exploitation.
Fix
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Hp-Ux
Red Hat
Lbxproxy
Libdps-Dev
Libdps1
Libdps1-Dbg
Libsm-Dev
Libsm6
Libsm6-Dbg
Libx11-6
Libx11-6-Dbg
Libx11-Dev
Libxaw6
Libxaw6-Dbg
Libxaw6-Dev
Libxaw7
Libxaw7-Dbg
Libxaw7-Dev
Libxext-Dev
Libxext6
Libxext6-Dbg
Libxfont1
Libxft1
Libxft1-Dbg
Libxi-Dev
Libxi6
Libxi6-Dbg
Libxmuu-Dev
Libxmu6
Libxmu6-Dbg
Libxmuu1
Libxmuu1-Dbg
Libxpm-Dev
Libxp6
Libxp6-Dbg
Libxpm4
Libxpm4-Dbg
Libxrandr-Dev
Libxrandr2
Libxrandr2-Dbg
Libxt-Dev
Libxt6
Libxt6-Dbg
Libxtrap-Dev
Libxtrap6
Libxtrap6-Dbg
Libxtst-Dev
Libxtst6
Libxtst6-Dbg
Libxv-Dev
Libxv1
Libxv1-Dbg
X-Window-System
X-Window-System-Core
X-Window-System-Dev
Xdm
Xdmx
Xdmx-Tools
Xfonts-100Dpi
Xfonts-100Dpi-Transcoded
Xfonts-75Dpi
Xfonts-75Dpi-Transcoded
Xfonts-Base
Xfonts-Base-Transcoded
Xfonts-Cyrillic
Xfonts-Scalable
Xfs
Xfwp
Xlibmesa-Dri
Xlibmesa-Dri-Dbg
Xlibmesa-Glu
Xlibmesa-Gl-Dbg
Xlibmesa-Gl-Dev
Xlibmesa3
Xlibosmesa3-Dbg
Xlibmesa-Dev
Xlibosmesa4
Xlibosmesa4-Dbg
Xlibs
Xlibs-Data
Xlibs-Dbg
Xlibs-Dev
Xmh
Xnest
Xorg-Server
Xspecs
Xvfb