CVE-2008-1377
xorg-server - multiple vulnerabilities
EPSS 2.4%
Description
The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
How to fix CVE-2008-1377
To remediate CVE-2008-1377, upgrade the affected package to one of the fixed versions listed below.
- Debian/xorg-server: upgrade to 2:1.4.1~git20080517-2 or later
- upgrade to 2:1.1.1-21etch5 or later
- upgrade to 2:1.4.1~git20080517-2~lenny1 or later
Is CVE-2008-1377 being exploited?
Low — EPSS is 2.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2:1.4.1~git20080517-2
- from 0, < 2:1.1.1-21etch5
- from 0, < 2:1.4.1~git20080517-2~lenny1