cvelistv5 - cve-2008-1377

CVE-2008-1377 (GCVE-0-2008-1377)

Vulnerability from cvelistv5

Published

2008-06-16 19:00

Modified

2024-08-07 08:17

Severity ?

CWE

Summary

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

URL

Tags

	https://issues.rpath.com/browse/RPL-2607	x_refsource_CONFIRM
	http://secunia.com/advisories/30629	third-party-advisory, x_refsource_SECUNIA
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721	third-party-advisory, x_refsource_IDEFENSE
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109	vdb-entry, signature, x_refsource_OVAL
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1	vendor-advisory, x_refsource_SUNALERT
	http://secunia.com/advisories/33937	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30664	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:115	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/archive/1/493550/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/31025	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2008-0502.html	vendor-advisory, x_refsource_REDHAT
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321	vendor-advisory, x_refsource_HP
	http://support.apple.com/kb/HT3438	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://www.vupen.com/english/advisories/2008/1833	vdb-entry, x_refsource_VUPEN
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200806-07.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/30715	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30666	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30627	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30637	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:116	vendor-advisory, x_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2008/1803	vdb-entry, x_refsource_VUPEN
	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321	vendor-advisory, x_refsource_HP
	ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff	x_refsource_CONFIRM
	http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/30772	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1020247	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2008-0503.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/30628	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30659	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/31109	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1983/references	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/30671	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30809	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/3000	vdb-entry, x_refsource_VUPEN
	http://lists.freedesktop.org/archives/xorg/2008-June/036026.html	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2008-0504.html	vendor-advisory, x_refsource_REDHAT
	http://secunia.com/advisories/32545	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/30843	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2008/dsa-1595	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/usn-616-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/32099	third-party-advisory, x_refsource_SECUNIA
	https://issues.rpath.com/browse/RPL-2619	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2008-0512.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/archive/1/493548/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/30630	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2607"
          },
          {
            "name": "30629",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30629"
          },
          {
            "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
          },
          {
            "name": "oval:org.mitre.oval:def:10109",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
          },
          {
            "name": "238686",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
          },
          {
            "name": "33937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "name": "30664",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30664"
          },
          {
            "name": "MDVSA-2008:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
          },
          {
            "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
          },
          {
            "name": "31025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31025"
          },
          {
            "name": "RHSA-2008:0502",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
          },
          {
            "name": "SSRT080083",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "ADV-2008-1833",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1833"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
          },
          {
            "name": "GLSA-200806-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
          },
          {
            "name": "30715",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30715"
          },
          {
            "name": "30666",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30666"
          },
          {
            "name": "30627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30627"
          },
          {
            "name": "30637",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30637"
          },
          {
            "name": "MDVSA-2008:116",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
          },
          {
            "name": "ADV-2008-1803",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1803"
          },
          {
            "name": "HPSBUX02381",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
          },
          {
            "name": "SUSE-SA:2008:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
          },
          {
            "name": "30772",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30772"
          },
          {
            "name": "1020247",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020247"
          },
          {
            "name": "RHSA-2008:0503",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
          },
          {
            "name": "30628",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30628"
          },
          {
            "name": "30659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30659"
          },
          {
            "name": "31109",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31109"
          },
          {
            "name": "ADV-2008-1983",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1983/references"
          },
          {
            "name": "30671",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30671"
          },
          {
            "name": "30809",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30809"
          },
          {
            "name": "ADV-2008-3000",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3000"
          },
          {
            "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
          },
          {
            "name": "RHSA-2008:0504",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
          },
          {
            "name": "32545",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32545"
          },
          {
            "name": "30843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30843"
          },
          {
            "name": "DSA-1595",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1595"
          },
          {
            "name": "USN-616-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-616-1"
          },
          {
            "name": "32099",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32099"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-2619"
          },
          {
            "name": "SUSE-SR:2008:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
          },
          {
            "name": "RHSA-2008:0512",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
          },
          {
            "name": "20080620 rPSA-2008-0200-1 xorg-server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
          },
          {
            "name": "30630",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30630"
          },
          {
            "name": "GLSA-200807-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-06-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2607"
        },
        {
          "name": "30629",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30629"
        },
        {
          "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
        },
        {
          "name": "oval:org.mitre.oval:def:10109",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
        },
        {
          "name": "238686",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
        },
        {
          "name": "33937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33937"
        },
        {
          "name": "30664",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30664"
        },
        {
          "name": "MDVSA-2008:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
        },
        {
          "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
        },
        {
          "name": "31025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31025"
        },
        {
          "name": "RHSA-2008:0502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
        },
        {
          "name": "SSRT080083",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3438"
        },
        {
          "name": "APPLE-SA-2009-02-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
        },
        {
          "name": "ADV-2008-1833",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1833"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
        },
        {
          "name": "GLSA-200806-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
        },
        {
          "name": "30715",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30715"
        },
        {
          "name": "30666",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30666"
        },
        {
          "name": "30627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30627"
        },
        {
          "name": "30637",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30637"
        },
        {
          "name": "MDVSA-2008:116",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
        },
        {
          "name": "ADV-2008-1803",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1803"
        },
        {
          "name": "HPSBUX02381",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
        },
        {
          "name": "SUSE-SA:2008:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
        },
        {
          "name": "30772",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30772"
        },
        {
          "name": "1020247",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020247"
        },
        {
          "name": "RHSA-2008:0503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
        },
        {
          "name": "30628",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30628"
        },
        {
          "name": "30659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30659"
        },
        {
          "name": "31109",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31109"
        },
        {
          "name": "ADV-2008-1983",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1983/references"
        },
        {
          "name": "30671",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30671"
        },
        {
          "name": "30809",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30809"
        },
        {
          "name": "ADV-2008-3000",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3000"
        },
        {
          "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
        },
        {
          "name": "RHSA-2008:0504",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
        },
        {
          "name": "32545",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32545"
        },
        {
          "name": "30843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30843"
        },
        {
          "name": "DSA-1595",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1595"
        },
        {
          "name": "USN-616-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-616-1"
        },
        {
          "name": "32099",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32099"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-2619"
        },
        {
          "name": "SUSE-SR:2008:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
        },
        {
          "name": "RHSA-2008:0512",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
        },
        {
          "name": "20080620 rPSA-2008-0200-1 xorg-server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
        },
        {
          "name": "30630",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30630"
        },
        {
          "name": "GLSA-200807-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-1377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.rpath.com/browse/RPL-2607",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2607"
            },
            {
              "name": "30629",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30629"
            },
            {
              "name": "20080611 Multiple Vendor X Server Record and Security Extensions Multiple Memory Corruption Vulnerabilities",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721"
            },
            {
              "name": "oval:org.mitre.oval:def:10109",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10109"
            },
            {
              "name": "238686",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "30664",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30664"
            },
            {
              "name": "MDVSA-2008:115",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
            },
            {
              "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
            },
            {
              "name": "31025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31025"
            },
            {
              "name": "RHSA-2008:0502",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
            },
            {
              "name": "SSRT080083",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "ADV-2008-1833",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1833"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
            },
            {
              "name": "GLSA-200806-07",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
            },
            {
              "name": "30715",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30715"
            },
            {
              "name": "30666",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30666"
            },
            {
              "name": "30627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30627"
            },
            {
              "name": "30637",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30637"
            },
            {
              "name": "MDVSA-2008:116",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
            },
            {
              "name": "ADV-2008-1803",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1803"
            },
            {
              "name": "HPSBUX02381",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
            },
            {
              "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff",
              "refsource": "CONFIRM",
              "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
            },
            {
              "name": "SUSE-SA:2008:027",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
            },
            {
              "name": "30772",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30772"
            },
            {
              "name": "1020247",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020247"
            },
            {
              "name": "RHSA-2008:0503",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
            },
            {
              "name": "30628",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30628"
            },
            {
              "name": "30659",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30659"
            },
            {
              "name": "31109",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31109"
            },
            {
              "name": "ADV-2008-1983",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1983/references"
            },
            {
              "name": "30671",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30671"
            },
            {
              "name": "30809",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30809"
            },
            {
              "name": "ADV-2008-3000",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3000"
            },
            {
              "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
              "refsource": "MLIST",
              "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
            },
            {
              "name": "RHSA-2008:0504",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
            },
            {
              "name": "32545",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32545"
            },
            {
              "name": "30843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30843"
            },
            {
              "name": "DSA-1595",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1595"
            },
            {
              "name": "USN-616-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-616-1"
            },
            {
              "name": "32099",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32099"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-2619",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-2619"
            },
            {
              "name": "SUSE-SR:2008:019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
            },
            {
              "name": "RHSA-2008:0512",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
            },
            {
              "name": "20080620 rPSA-2008-0200-1 xorg-server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
            },
            {
              "name": "30630",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30630"
            },
            {
              "name": "GLSA-200807-07",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-1377",
    "datePublished": "2008-06-16T19:00:00.000Z",
    "dateReserved": "2008-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:17:34.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-068

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le système Mac OS X d'Apple. L'exploitation de ces vulnérabilités permet un grand nombre d'actions, dont l'exécution de code arbitraire à distance.

Description

Apple vient de publier des mises à jour pour son système d'exploitation Mac OS X. Ces correctifs concernent la mise à jour de plusieurs applicatifs :

AFP Server ;
Apple Pixlet Video ;
Carbon Core ;
CFNetwork ;
Certificate Assistant ;
ClamAV ;
CoreText ;
CUPS ;
DS Tools ;
fetchmail ;
Folder Manager ;
FSEvents ;
Network Time ;
perl ;
Printing ;
python ;
Remote Apple Events ;
Safari RSS ;
servermgrd ;
SMB ;
SquirrelMail ;
X11 ;
Xterm.

L'exploitation des différentes vulnérabilités permet d'effectuer un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Mac OS X versions 10.5.6 et antérieures ;
	Apple	N/A	Mac OS X versions 10.4.11 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2009-001 du 12 février 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3438 du 12 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X versions 10.5.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X versions 10.4.11 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nApple vient de publier des mises \u00e0 jour pour son syst\u00e8me d\u0027exploitation\nMac OS X. Ces correctifs concernent la mise \u00e0 jour de plusieurs\napplicatifs :\n\n-   AFP Server ;\n-   Apple Pixlet Video ;\n-   Carbon Core ;\n-   CFNetwork ;\n-   Certificate Assistant ;\n-   ClamAV ;\n-   CoreText ;\n-   CUPS ;\n-   DS Tools ;\n-   fetchmail ;\n-   Folder Manager ;\n-   FSEvents ;\n-   Network Time ;\n-   perl ;\n-   Printing ;\n-   python ;\n-   Remote Apple Events ;\n-   Safari RSS ;\n-   servermgrd ;\n-   SMB ;\n-   SquirrelMail ;\n-   X11 ;\n-   Xterm.\n\nL\u0027exploitation des diff\u00e9rentes vuln\u00e9rabilit\u00e9s permet d\u0027effectuer un\ngrand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2316"
    },
    {
      "name": "CVE-2008-2361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
    },
    {
      "name": "CVE-2008-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2379"
    },
    {
      "name": "CVE-2008-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1808"
    },
    {
      "name": "CVE-2009-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0020"
    },
    {
      "name": "CVE-2009-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0012"
    },
    {
      "name": "CVE-2008-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3663"
    },
    {
      "name": "CVE-2009-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0141"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2007-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4565"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2009-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0139"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0019"
    },
    {
      "name": "CVE-2008-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1679"
    },
    {
      "name": "CVE-2008-2711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2711"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2008-2362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
    },
    {
      "name": "CVE-2009-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0018"
    },
    {
      "name": "CVE-2009-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0140"
    },
    {
      "name": "CVE-2009-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0015"
    },
    {
      "name": "CVE-2008-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2008-5050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5050"
    },
    {
      "name": "CVE-2006-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1861"
    },
    {
      "name": "CVE-2008-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
    },
    {
      "name": "CVE-2007-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1667"
    },
    {
      "name": "CVE-2008-5183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5183"
    },
    {
      "name": "CVE-2009-0138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0138"
    },
    {
      "name": "CVE-2009-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0014"
    },
    {
      "name": "CVE-2009-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0009"
    },
    {
      "name": "CVE-2009-0137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0137"
    },
    {
      "name": "CVE-2008-2360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
    },
    {
      "name": "CVE-2009-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0142"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0011"
    },
    {
      "name": "CVE-2008-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5314"
    },
    {
      "name": "CVE-2008-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1807"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2008-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0013"
    },
    {
      "name": "CVE-2009-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0017"
    },
    {
      "name": "CVE-2006-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3467"
    },
    {
      "name": "CVE-2008-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1806"
    }
  ],
  "initial_release_date": "2009-02-13T00:00:00",
  "last_revision_date": "2009-02-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3438 du 12 f\u00e9vrier 2009 :",
      "url": "http://support.apple.com/kb/HT3438"
    }
  ],
  "reference": "CERTA-2009-AVI-068",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me Mac OS X\nd\u0027Apple. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet un grand nombre\nd\u0027actions, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2009-001 du 12 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

CERTA-2008-AVI-352

Vulnerability from certfr_avis

Plusieurs vulnérabilités concernant Avaya CMS permettent à un utilisateur distant malintentionné de porter atteinte à la confidentialité des données, de provoquer un déni de service, d'exécuter du code arbitraire et/ou d'élever ses privilèges.

Description

Les vulnérabilités présentes dans Avaya CMS affectent le serveur graphique X.Org. Ces vulnérabilités ont été décrites dans l'avis CERTA-2008-AVI-317.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	AVAYA	N/A	Avaya Call Management System (CMS).

References

Title

Publication Time

Tags

Bulletin de sécurité Avaya ASA-2008-249 du 30 juin 2008	None	vendor-advisory
Référence à l'avis CERTA-2008-AVI-317 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avaya Call Management System (CMS).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "AVAYA",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Avaya CMS affectent le serveur\ngraphique X.Org. Ces vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9crites dans l\u0027avis\nCERTA-2008-AVI-317.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
    },
    {
      "name": "CVE-2008-2362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
    },
    {
      "name": "CVE-2008-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
    },
    {
      "name": "CVE-2008-2360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
    },
    {
      "name": "CVE-2008-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
    }
  ],
  "initial_release_date": "2008-07-04T00:00:00",
  "last_revision_date": "2008-07-04T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence \u00e0 l\u0027avis CERTA-2008-AVI-317 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-317/CERTA-2008-AVI-317.html"
    }
  ],
  "reference": "CERTA-2008-AVI-352",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s concernant Avaya CMS permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, de provoquer un d\u00e9ni de service, d\u0027ex\u00e9cuter\ndu code arbitraire et/ou d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Avaya Call Management System",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2008-249 du 30 juin 2008",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
    }
  ]
}

CERTA-2008-AVI-317

Vulnerability from certfr_avis

Plusieurs vulnérabilités découvertes dans le serveur graphique X.Org permettent à un utilisateur distant authentifié de provoquer un déni de service ou d'exécuter du code arbitraire.

Description

Plusieurs vulnérabilités de type débordement d'entier permettent à un utilisateur local ou authentifié à distance de provoquer un déni de service, ou d'exécuter du code arbitraire avec les privilèges du compte administrateur.

D'autres vulnérabilités causées par un manque de contrôle des données fournies par l'utilisateur permettent de réaliser les mêmes actions sur un système vulnérable.

Solution

Se référer aux bulletins de sécurité des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	X Window System 11 (X11) 6.x ;
	N/A	N/A	X Window System 11 (X11) 7.x.

References

Title

Publication Time

Tags

Bulletin de sécurité FreeDesktop du 11 juin 2008	None	vendor-advisory
Bulletin de sécurité Novell SUSE-SA:2008:027 du 13 juin 2008 :	-	other
Bulletin de sécurité X.Org du 11 juin 2008 :	-	other
Bulletin de sécurité Red Hat RHSA-2008:0502 du 11 juin 2008 :	-	other
Bulletin de sécurité Debian DSA-1595 du 11 juin 2008 :	-	other
Bulletin de sécurité HP-UX c01543321 du 3 novembre 2008:	-	other
Bulletin de sécurité Red Hat RHSA-2008:0504 du 11 juin 2008 :	-	other
Bulletin de sécurité Red Hat RHSA-2008:0512 du 11 juin 2008 :	-	other
Bulletin de sécurité Sun #238686 du 19 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "X Window System 11 (X11) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "X Window System 11 (X11) 7.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s de type d\u00e9bordement d\u0027entier permettent \u00e0 un\nutilisateur local ou authentifi\u00e9 \u00e0 distance de provoquer un d\u00e9ni de\nservice, ou d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges du compte\nadministrateur.\n\nD\u0027autres vuln\u00e9rabilit\u00e9s caus\u00e9es par un manque de contr\u00f4le des donn\u00e9es\nfournies par l\u0027utilisateur permettent de r\u00e9aliser les m\u00eames actions sur\nun syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
    },
    {
      "name": "CVE-2008-2362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
    },
    {
      "name": "CVE-2008-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
    },
    {
      "name": "CVE-2008-2360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
    },
    {
      "name": "CVE-2008-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
    }
  ],
  "initial_release_date": "2008-06-13T00:00:00",
  "last_revision_date": "2008-11-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Novell SUSE-SA:2008:027 du 13 juin    2008 :",
      "url": "http://www.novell.com/linux/security/advisories/2008_27_xorg.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 X.Org du 11 juin 2008 :",
      "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0502 du 11 juin 2008    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1595 du 11 juin 2008 :",
      "url": "http://www.debian.org/security/2008/dsa-1595"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c01543321 du 3 novembre 2008:",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0504 du 11 juin 2008    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0512 du 11 juin 2008    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun #238686 du 19 juin 2008 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-6-238686-1"
    }
  ],
  "reference": "CERTA-2008-AVI-317",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-13T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rence aux bulletins de s\u00e9curit\u00e9 Suse et Sun.",
      "revision_date": "2008-06-25T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP-UX.",
      "revision_date": "2008-11-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans le serveur graphique X.Org\npermettent \u00e0 un utilisateur distant authentifi\u00e9 de provoquer un d\u00e9ni de\nservice ou d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans X.Org",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 FreeDesktop du 11 juin 2008",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-1377 (GCVE-0-2008-1377)

Vulnerability from cvelistv5

CERTA-2009-AVI-068

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-352

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-317

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature