CVE-2007-6429 – xfree86: integer overflow in EVI extension
https://notcve.org/view.php?id=CVE-2007-6429
Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension. Múltiples desbordamientos de búfer en X.Org Xserver versiones anteriores a 1.4.1 permiten a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante (1) una petición GetVisualInfo conteniendo un valor de 32 bits que se utiliza inapropiadamente para calcular una cantidad de memoria para alojamiento por la extensión EVI, ó (2) una petición conteniendo valores relativos al tamaño de pixmap que es inapropiadamente utilizado en la gestión de memoria compartida por la extensión MIT-SHM. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/ope • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2007-5958 – X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
https://notcve.org/view.php?id=CVE-2007-5958
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists. X.Org Xserver versiones anteriores a 1.4.1 permite a usuarios locales determinar la existencia de ficheros de su elección mediante un argumento nombre de fichero en la opción -sp en el programa X, lo cual produce diferentes mensajes de error dependientes de si el fichero existe. • https://www.exploit-db.com/exploits/5152 http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2008- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-5760 – xorg: invalid array indexing in XFree86-Misc extension
https://notcve.org/view.php?id=CVE-2007-5760
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index. Error de índice de Array en la extensión XFree86-Misc de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante una petición PassMessage conteniendo un índice de array largo. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646 http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://secunia.com/advisories/28273 http://secunia.com/advisories/28532 http://secunia.com/advisories/28535 http://secunia.com/advisories/28536 http://secunia.com/advisories/28539 http://secunia.com/advisories/28540 http:/ •
CVE-2007-6428 – xfree86: information disclosure via TOG-CUP extension
https://notcve.org/view.php?id=CVE-2007-6428
The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index. La función ProcGetReservedColormapEntries de la extensión TOG-CUP de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto leer el contenido de ubicaciones de memoria de su elección mediante peticiones conteniendo un valor de 32 bits que se utiliza inapropiadamente como un índice de array. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://lists.opensuse.org/opensuse& •
CVE-2008-0006 – Xorg / XFree86 PCF font parser buffer overflow
https://notcve.org/view.php?id=CVE-2008-0006
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. Un desbordamiento del búfer en (1) X.Org Xserver versiones anteriores a 1.4.1, y (2) las bibliotecas libfont y libXfont en algunas plataformas, incluyendo Sun Solaris, permite a atacantes dependiendo del contexto ejecutar código arbitrario por medio de una fuente PCF con una diferencia considerable entre los últimos y primeros valores col en la tabla PCF_BDF_ENCODINGS. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://jvn.jp/en/jp/JVN88935101/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •