fkie_cve-2007-6429
Vulnerability from fkie_nvd
Published
2008-01-18 23:00
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:evi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03108EF9-17AB-4260-823B-DF2BB34691F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:x.org:mit-shm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0283B878-7F07-44F5-ABC8-4B7F0FABDBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC8352E-BBB6-4B41-AD07-447D8D71CE7D",
"versionEndIncluding": "1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en X.Org Xserver versiones anteriores a 1.4.1 permiten a atacantes locales o remotos dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) una petici\u00f3n GetVisualInfo conteniendo un valor de 32 bits que se utiliza inapropiadamente para calcular una cantidad de memoria para alojamiento por la extensi\u00f3n EVI, \u00f3 (2) una petici\u00f3n conteniendo valores relativos al tama\u00f1o de pixmap que es inapropiadamente utilizado en la gesti\u00f3n de memoria compartida por la extensi\u00f3n MIT-SHM."
}
],
"id": "CVE-2007-6429",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-01-18T23:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=204362"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28273"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28532"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28535"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28536"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28539"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28540"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28542"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28550"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28584"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28592"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28616"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28693"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28718"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28838"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28843"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28885"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28941"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29139"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29622"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29707"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30161"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32545"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200801-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200804-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019232"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm"
},
{
"source": "cve@mitre.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1466"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:023"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:025"
},
{
"source": "cve@mitre.org",
"url": "http://www.openbsd.org/errata41.html#012_xorg"
},
{
"source": "cve@mitre.org",
"url": "http://www.openbsd.org/errata42.html#006_xorg"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0029.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0030.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0031.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487335/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27336"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27350"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27353"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0179"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0184"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0497/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0703"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3000"
},
{
"source": "cve@mitre.org",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile112539\u0026label=AIX%20X%20server%20multiple%20vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39763"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39764"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-2010"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/571-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=204362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28693"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29707"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200801-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200804-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/errata41.html#012_xorg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openbsd.org/errata42.html#006_xorg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487335/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0497/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7\u0026heading=AIX61\u0026path=/200802/SECURITY/20080227/datafile112539\u0026label=AIX%20X%20server%20multiple%20vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/571-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
},
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…