Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
xorg-x11
(Unknown)
Описание
Ошибка в индексе массива в расширении XFree86-Misc в X.Org Xserver позволяет злоумышленникам выполнить произвольный код, используя запрос PassMessage, который содержит большой индекс массива.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
http://xorg.freedesktop.org/wiki/
http://xorg.freedesktop.org/wiki/
Ссылки
BID (27336): http://www.securityfocus.com/bid/27336
SUNALERT (103200): http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1
MLIST ([xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server): http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
IDEFENSE (20080117 Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability): http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646
FEDORA (FEDORA-2008-0831): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
FEDORA (FEDORA-2008-0760): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
CONFIRM (https://issues.rpath.com/browse/RPL-2010): https://issues.rpath.com/browse/RPL-2010
XF (xorg-xfree86misc-code-execution(39766)): http://xforce.iss.net/xforce/xfdb/39766
UBUNTU (USN-571-1): http://www.ubuntulinux.org/support/documentation/usn/usn-571-1
BID (27354): http://www.securityfocus.com/bid/27354
BUGTRAQ (20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs): http://www.securityfocus.com/archive/1/archive/1/487335/100/0/threaded
REDHAT (RHSA-2008:0031): http://www.redhat.com/support/errata/RHSA-2008-0031.html
REDHAT (RHSA-2008:0030): http://www.redhat.com/support/errata/RHSA-2008-0030.html
OPENBSD ([4.2] 20080208 006: SECURITY FIX: February 8, 2008): http://www.openbsd.org/errata42.html#006_xorg
OPENBSD ([4.1] 20080208 012: SECURITY FIX: February 8, 2008): http://www.openbsd.org/errata41.html#012_xorg
MANDRIVA (MDVSA-2008:025): http://www.mandriva.com/security/advisories?name=MDVSA-2008:025
MANDRIVA (MDVSA-2008:023): http://www.mandriva.com/security/advisories?name=MDVSA-2008:023
MANDRIVA (MDVSA-2008:022): http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
GENTOO (GLSA-200805-07): http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
VUPEN (ADV-2008-0497): http://www.frsirt.com/english/advisories/2008/0497/references
VUPEN (ADV-2008-0184): http://www.frsirt.com/english/advisories/2008/0184
VUPEN (ADV-2008-0179): http://www.frsirt.com/english/advisories/2008/0179
DEBIAN (DSA-1466): http://www.debian.org/security/2008/dsa-1466
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm): http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm): http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm
SUNALERT (200153): http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1
SECTRACK (1019232): http://securitytracker.com/id?1019232
GENTOO (GLSA-200804-05): http://security.gentoo.org/glsa/glsa-200804-05.xml
GENTOO (GLSA-200801-09): http://security.gentoo.org/glsa/glsa-200801-09.xml
SUSE (SUSE-SA:2008:003): http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
CONFIRM (http://bugs.gentoo.org/show_bug.cgi?id=204362): http://bugs.gentoo.org/show_bug.cgi?id=204362
SUNALERT (103200): http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1
MLIST ([xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server): http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
IDEFENSE (20080117 Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability): http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646
FEDORA (FEDORA-2008-0831): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
FEDORA (FEDORA-2008-0760): https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
CONFIRM (https://issues.rpath.com/browse/RPL-2010): https://issues.rpath.com/browse/RPL-2010
XF (xorg-xfree86misc-code-execution(39766)): http://xforce.iss.net/xforce/xfdb/39766
UBUNTU (USN-571-1): http://www.ubuntulinux.org/support/documentation/usn/usn-571-1
BID (27354): http://www.securityfocus.com/bid/27354
BUGTRAQ (20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs): http://www.securityfocus.com/archive/1/archive/1/487335/100/0/threaded
REDHAT (RHSA-2008:0031): http://www.redhat.com/support/errata/RHSA-2008-0031.html
REDHAT (RHSA-2008:0030): http://www.redhat.com/support/errata/RHSA-2008-0030.html
OPENBSD ([4.2] 20080208 006: SECURITY FIX: February 8, 2008): http://www.openbsd.org/errata42.html#006_xorg
OPENBSD ([4.1] 20080208 012: SECURITY FIX: February 8, 2008): http://www.openbsd.org/errata41.html#012_xorg
MANDRIVA (MDVSA-2008:025): http://www.mandriva.com/security/advisories?name=MDVSA-2008:025
MANDRIVA (MDVSA-2008:023): http://www.mandriva.com/security/advisories?name=MDVSA-2008:023
MANDRIVA (MDVSA-2008:022): http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
GENTOO (GLSA-200805-07): http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
VUPEN (ADV-2008-0497): http://www.frsirt.com/english/advisories/2008/0497/references
VUPEN (ADV-2008-0184): http://www.frsirt.com/english/advisories/2008/0184
VUPEN (ADV-2008-0179): http://www.frsirt.com/english/advisories/2008/0179
DEBIAN (DSA-1466): http://www.debian.org/security/2008/dsa-1466
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm): http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm): http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm
SUNALERT (200153): http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1
SECTRACK (1019232): http://securitytracker.com/id?1019232
GENTOO (GLSA-200804-05): http://security.gentoo.org/glsa/glsa-200804-05.xml
GENTOO (GLSA-200801-09): http://security.gentoo.org/glsa/glsa-200801-09.xml
SUSE (SUSE-SA:2008:003): http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
CONFIRM (http://bugs.gentoo.org/show_bug.cgi?id=204362): http://bugs.gentoo.org/show_bug.cgi?id=204362