diff options
| author | flz <flz@FreeBSD.org> | 2008-06-15 20:26:18 +0800 |
|---|---|---|
| committer | flz <flz@FreeBSD.org> | 2008-06-15 20:26:18 +0800 |
| commit | b2cef976c5a23fe25e8674bd831b263f3375159f (patch) | |
| tree | 9474e2f1fdf503fb70e955fa469bd16b5ef6abfe /security | |
| parent | b5f1e4fdca55fd981eba5e3f560fb22651e06374 (diff) | |
| download | freebsd-ports-gnome-b2cef976c5a23fe25e8674bd831b263f3375159f.tar.gz freebsd-ports-gnome-b2cef976c5a23fe25e8674bd831b263f3375159f.tar.zst freebsd-ports-gnome-b2cef976c5a23fe25e8674bd831b263f3375159f.zip | |
Document xorg -- multiple vulnerabilities.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 345f06b71b23..26a2b7082370 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,50 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="800e8bd5-3acb-11dd-8842-001302a18722"> + <topic>xorg -- multiple vulnerabilities</topic> + <affects> + <package> + <name>xorg-server</name> + <range><lt>1.4.2,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matthieu Herrb of X.Org reports:</p> + <blockquote cite="http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"> + <p>Several vulnerabilities have been found in the server-side code + of some extensions in the X Window System. Improper validation of + client-provided data can cause data corruption.</p> + <p>Exploiting these overflows will crash the X server or, + under certain circumstances allow the execution of arbitray machine + code.</p> + <p>When the X server is running with root privileges (which is the case + for the Xorg server and for most kdrive based servers), these + vulnerabilities can thus also be used to raise privileges.</p> + <p>All these vulnerabilities, to be exploited successfully, require either + an already established connection to a running X server (and normally + running X servers are only accepting authenticated connections), or a + shell access with a valid user on the machine where the vulnerable + server is installed.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-1377</cvename> + <cvename>CVE-2008-1379</cvename> + <cvename>CVE-2008-2360</cvename> + <cvename>CVE-2008-2361</cvename> + <cvename>CVE-2008-2362</cvename> + <url>http://lists.freedesktop.org/archives/xorg/2008-June/036026.html</url> + <url>http://secunia.com/advisories/30627/</url> + </references> + <dates> + <discovery>2008-06-11</discovery> + <entry>2008-06-15</entry> + </dates> + </vuln> + <vuln vid="c4ba95b2-39ce-11dd-98c9-00163e000016"> <topic>moinmoin -- superuser privilege escalation</topic> <affects> |