CVE-2007-6429

xfree86: integer overflow in EVI extension

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.

Múltiples desbordamientos de búfer en X.Org Xserver versiones anteriores a 1.4.1 permiten a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante (1) una petición GetVisualInfo conteniendo un valor de 32 bits que se utiliza inapropiadamente para calcular una cantidad de memoria para alojamiento por la extensión EVI, ó (2) una petición conteniendo valores relativos al tamaño de pixmap que es inapropiadamente utilizado en la gestión de memoria compartida por la extensión MIT-SHM.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-12-18 CVE Reserved
2008-01-18 CVE Published
2024-08-07 CVE Updated
2024-10-14 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-190: Integer Overflow or Wraparound
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (71)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=204362	X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562	X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645	Third Party Advisory
http://secunia.com/advisories/28273	Third Party Advisory
http://secunia.com/advisories/28532	Third Party Advisory
http://secunia.com/advisories/28535	Third Party Advisory
http://secunia.com/advisories/28536	Third Party Advisory
http://secunia.com/advisories/28539	Third Party Advisory
http://secunia.com/advisories/28540	Third Party Advisory
http://secunia.com/advisories/28542	Third Party Advisory
http://secunia.com/advisories/28543	Third Party Advisory
http://secunia.com/advisories/28550	Third Party Advisory
http://secunia.com/advisories/28584	Third Party Advisory
http://secunia.com/advisories/28592	Third Party Advisory
http://secunia.com/advisories/28616	Third Party Advisory
http://secunia.com/advisories/28693	Third Party Advisory
http://secunia.com/advisories/28718	Third Party Advisory
http://secunia.com/advisories/28838	Third Party Advisory
http://secunia.com/advisories/28843	Third Party Advisory
http://secunia.com/advisories/28885	Third Party Advisory
http://secunia.com/advisories/28941	Third Party Advisory
http://secunia.com/advisories/29139	Third Party Advisory
http://secunia.com/advisories/29420	Third Party Advisory
http://secunia.com/advisories/29622	Third Party Advisory
http://secunia.com/advisories/29707	Third Party Advisory
http://secunia.com/advisories/30161	Third Party Advisory
http://secunia.com/advisories/32545	Third Party Advisory
http://securitytracker.com/id?1019232	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm	X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm	X_refsource_confirm
http://www.securityfocus.com/archive/1/487335/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/27350	Vdb Entry
http://www.securityfocus.com/bid/27353	Vdb Entry
http://www.vupen.com/english/advisories/2008/0179	Vdb Entry
http://www.vupen.com/english/advisories/2008/0184	Vdb Entry
http://www.vupen.com/english/advisories/2008/0497/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/0703	Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/3000	Vdb Entry
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities	X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/39763	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39764	Vdb Entry
https://issues.rpath.com/browse/RPL-2010	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045	Signature

URL	Date	SRC

URL	Date	SRC
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1	2018-10-15
http://www.securityfocus.com/bid/27336	2018-10-15

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321	2018-10-15
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html	2018-10-15
http://security.gentoo.org/glsa/glsa-200801-09.xml	2018-10-15
http://security.gentoo.org/glsa/glsa-200804-05.xml	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1	2018-10-15
http://www.debian.org/security/2008/dsa-1466	2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023	2018-10-15
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025	2018-10-15
http://www.openbsd.org/errata41.html#012_xorg	2018-10-15
http://www.openbsd.org/errata42.html#006_xorg	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0029.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0030.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2008-0031.html	2018-10-15
https://usn.ubuntu.com/571-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-6429	2008-01-17
https://bugzilla.redhat.com/show_bug.cgi?id=413721	2008-01-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
X.org Search vendor "X.org"		Evi Search vendor "X.org" for product "Evi"				*		-		Affected
X.org Search vendor "X.org"		Mit-shm Search vendor "X.org" for product "Mit-shm"				*		-		Affected
X.org Search vendor "X.org"		Xserver Search vendor "X.org" for product "Xserver"				<= 1.4 Search vendor "X.org" for product "Xserver" and version " <= 1.4"		-		Affected