Computer Security
[EN] securityvulns.ru no-pyccku


XFree86 / X.Org / NX multiple security vulnerabilities
updated since 20.01.2008
Published:08.04.2008
Source:
SecurityVulns ID:8583
Type:local
Threat Level:
7/10
Description:XInput and TOG-CUP extensions memory corruption, EVI and MIT-SHM extensions integer overflows, multiple extensions array index overflows. libxfont PCF fonts parsing buffer overflow.
Affected:NX : nx 3.1
CVE:CVE-2008-0006
 CVE-2007-6429
 CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.)
 CVE-2007-6427
 CVE-2007-5958
 CVE-2007-5760
Original documentdocumentGENTOO, [ GLSA 200804-05 ] NX: User-assisted execution of arbitrary code (08.04.2008)
 documentUBUNTU, [USN-571-1] X.org vulnerabilities (20.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability (20.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities (20.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability (20.01.2008)
 documentIDEFENSE, iDefense Security Advisory 01.17.08: Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (20.01.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod