<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1377" target="_blank">CVE</a>)</em> : The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Access to the vulnerable code in the SECURITY extension can be prevented by preventing the X server from loading the extension. However, doing so may seriously impair the functionality of the server. Adding the following lines to the X configuration file will disable the SECURITY extension:
Section "Extensions"
Option "SECURITY" "disable"
EndSection

• Security Tracker: 1020247
• CVE ID: 2008-1377 (see also: NVD)
• Secunia Advisory ID: 30627 30628 30629 30630 30637 30659 30664 30666 30671 30715 30772 30809 30843 31025 31109 32099 32545 33937 40060
• Related OSVDB ID: 46188 46189 46190 46191
• VUPEN Advisory: ADV-2008-1803 ADV-2008-1833
• Vendor Specific News/Changelog Entry: ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-1377.diff
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-06/0115.html
  http://archives.neohapsis.com/archives/bugtraq/2008-11/0024.html
  http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
  http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
  http://lists.freedesktop.org/archives/xorg-announce/2008-June/000578.html
  http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
• Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
  http://lists.debian.org/debian-security-announce/2008/msg00176.html
  http://lists.rpath.com/pipermail/security-announce/2008-June/000361.html
  http://rhn.redhat.com/errata/RHSA-2008-0502.html
  http://rhn.redhat.com/errata/RHSA-2008-0512.html
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-238686-1
  http://support.apple.com/kb/HT3438
  http://support.attachmate.com/techdocs/1708.html
  http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
  http://www.debian.org/security/2008/dsa-1595
  http://www.gentoo.org/security/en/glsa/glsa-200806-07.xml
  http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
  http://www.novell.com/linux/security/advisories/2008_27_xorg.html
  http://www.openbsd.org/errata42.html
  http://www.ubuntu.com/usn/usn-616-1
  https://rhn.redhat.com/errata/RHSA-2008-0504.html
  https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00556.html
  https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00600.html
  https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00646.html
• RedHat RHSA: RHSA-2008:0502 RHSA-2008:0504 RHSA-2008:0512

• regenrecht - iDefense Labs VCP