Debian DSA-1595-1 : xorg-server - several vulnerabilities

critical Nessus Plugin ID 33176

Synopsis

The remote Debian host is missing a security-related update.

Description

Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption.

- CVE-2008-1379 An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space.

- CVE-2008-2360 An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow.

- CVE-2008-2361 An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server.

- CVE-2008-2362 Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.

Solution

Upgrade the xorg-server package.

For the stable distribution (etch), these problems have been fixed in version 2:1.1.1-21etch5.

See Also

https://security-tracker.debian.org/tracker/CVE-2008-1377

https://security-tracker.debian.org/tracker/CVE-2008-1379

https://security-tracker.debian.org/tracker/CVE-2008-2360

https://security-tracker.debian.org/tracker/CVE-2008-2361

https://security-tracker.debian.org/tracker/CVE-2008-2362

https://www.debian.org/security/2008/dsa-1595

Plugin Details

Severity: Critical

ID: 33176

File Name: debian_DSA-1595.nasl

Version: 1.18

Type: local

Agent: unix

Published: 6/16/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:xorg-server, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2008

Reference Information

CVE: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362

BID: 29665, 29666, 29668, 29669, 29670

CWE: 189

DSA: 1595