CVE-2007-6428

xfree86: information disclosure via TOG-CUP extension

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.

La función ProcGetReservedColormapEntries de la extensión TOG-CUP de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto leer el contenido de ubicaciones de memoria de su elección mediante peticiones conteniendo un valor de 32 bits que se utiliza inapropiadamente como un índice de array.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-12-18 CVE Reserved
2008-01-18 CVE Published
2024-08-07 CVE Updated
2024-11-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (66)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=204362	X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562	X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644	Third Party Advisory
http://secunia.com/advisories/28273	Third Party Advisory
http://secunia.com/advisories/28532	Third Party Advisory
http://secunia.com/advisories/28535	Third Party Advisory
http://secunia.com/advisories/28536	Third Party Advisory
http://secunia.com/advisories/28539	Third Party Advisory
http://secunia.com/advisories/28540	Third Party Advisory
http://secunia.com/advisories/28542	Third Party Advisory
http://secunia.com/advisories/28543	Third Party Advisory
http://secunia.com/advisories/28550	Third Party Advisory
http://secunia.com/advisories/28584	Third Party Advisory
http://secunia.com/advisories/28592	Third Party Advisory
http://secunia.com/advisories/28616	Third Party Advisory
http://secunia.com/advisories/28693	Third Party Advisory
http://secunia.com/advisories/28718	Third Party Advisory
http://secunia.com/advisories/28838	Third Party Advisory
http://secunia.com/advisories/28843	Third Party Advisory
http://secunia.com/advisories/28885	Third Party Advisory
http://secunia.com/advisories/28941	Third Party Advisory
http://secunia.com/advisories/29139	Third Party Advisory
http://secunia.com/advisories/29420	Third Party Advisory
http://secunia.com/advisories/29622	Third Party Advisory
http://secunia.com/advisories/29707	Third Party Advisory
http://secunia.com/advisories/30161	Third Party Advisory
http://securitytracker.com/id?1019232	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm	X_refsource_confirm
http://www.securityfocus.com/archive/1/487335/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/27355	Vdb Entry
http://www.vupen.com/english/advisories/2008/0179	Vdb Entry
http://www.vupen.com/english/advisories/2008/0184	Vdb Entry
http://www.vupen.com/english/advisories/2008/0497/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/0703	Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references	Vdb Entry
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/39761	Vdb Entry
https://issues.rpath.com/browse/RPL-2010	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11754	Signature

URL	Date	SRC

URL	Date	SRC
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1	2018-10-15
http://www.securityfocus.com/bid/27336	2018-10-15

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html	2018-10-15
http://security.gentoo.org/glsa/glsa-200801-09.xml	2018-10-15
http://security.gentoo.org/glsa/glsa-200804-05.xml	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1	2018-10-15
http://www.debian.org/security/2008/dsa-1466	2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025	2018-10-15
http://www.openbsd.org/errata41.html#012_xorg	2018-10-15
http://www.openbsd.org/errata42.html#006_xorg	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0029.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0030.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0031.html	2018-10-15
https://usn.ubuntu.com/571-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-6428	2008-01-17
https://bugzilla.redhat.com/show_bug.cgi?id=413791	2008-01-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
X.org Search vendor "X.org"		Tog-cup Search vendor "X.org" for product "Tog-cup"				*		-		Affected
X.org Search vendor "X.org"		Xserver Search vendor "X.org" for product "Xserver"				<= 1.4 Search vendor "X.org" for product "Xserver" and version " <= 1.4"		-		Affected