FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xorg -- multiple vulnerabilities

Affected packages
xorg-server < 1.4.2,1

Details

VuXML ID 800e8bd5-3acb-11dd-8842-001302a18722
Discovery 2008-06-11
Entry 2008-06-15

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.

References

CVE Name CVE-2008-1377
CVE Name CVE-2008-1379
CVE Name CVE-2008-2360
CVE Name CVE-2008-2361
CVE Name CVE-2008-2362
URL http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
URL http://secunia.com/advisories/30627/