SecurityTracker: (HP Issues Fix) X Memory Corruption Error in SProcSecurity Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > X

(HP Issues Fix) X Memory Corruption Error in SProcSecurity Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code

SecurityTracker Alert ID: 1021135

SecurityTracker URL: http://securitytracker.com/id/1021135

CVE Reference: CVE-2008-1377 (Links to External Site)

Date: Nov 4 2008

Impact: Execution of arbitrary code via network, Root access via local system, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): X11R7.3

Description: A vulnerability was reported in the X Windows System. A remote authenticated user can execute arbitrary code on the target system. A local user can obtain elevated privileges on the target system.

A remote authenticated user can send specially crafted data to trigger a memory corruption error in the SProcSecurityGenerateAuthorization(), SProcRecordCreateContext(), and SProcRecordRegisterClients() functions and execute arbitrary code on the target X server. The code will run with the privileges of the target server (which may be root privileges on many systems).

A local user can execute arbitrary commands on the target system with elevated privileges.

The RECORD and Security Extensions are affected.

The vendor was notified on March 26, 2008.

regenrecht reported this vulnerability via iDefense.

Impact: A remote authenticated user can execute arbitrary code on the target system.

A local user can obtain elevated privileges on the target system.

Solution: HP has issued a fix for HP-UX.

The HP advisory is available at:

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

Vendor URL: x.org/ (Links to External Site)

Cause: Access control error

Underlying OS: UNIX (HP/UX)

Message History: This archive entry is a follow-up to the message listed below.

X Memory Corruption Error in SProcSecurity Functions Lets Local Users and Remote Authenticated Users Execute Arbitrary Code

Source Message Contents

Date: Tue, 4 Nov 2008 08:28:28 -0500
Subject: HPSBUX02381 SSRT080083 rev.1 - HP-UX Running Xserver, Remote Execution of Arbitrary Code



http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, CVE-2008-0006, CVE-2008-1377, CVE-2008-1379

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC