Vulnerability details
X.Org X Server RENDER Extension Integer Overflow Vulnerability
- CNNVD ID: CNNVD-200806-215
- Severity: Critical
- CVE ID: CVE-2008-2362
- Vulnerability type: Numeric error (integer overflow)
- Published: 2008-06-16
- Threat type: Remote
- Updated: 2009-02-20
- Vendor: x
- Source: Matthieu Herrb xo…
Description
X.Org X Server is the X Window System display server bundled with operating systems from multiple vendors.
When parsing client requests, the RENDER extension of X.Org X Server does not properly validate the arguments handled by the following byte-swapping request handlers:
SProcRenderCreateLinearGradient
SProcRenderCreateRadialGradient
SProcRenderCreateConicalGradient
The stop count supplied in the client request is used directly to compute how many bytes of request data must be byte-swapped. The multiplication can wrap (integer overflow), so the resulting byte count is never properly checked against the data actually present in the request, and the swap loop runs past the end of the request buffer, corrupting heap memory.
An attacker with access to the console can trigger these overflows by sending crafted requests to the affected X server and execute arbitrary code with root privileges. If the X server is configured to listen for client connections over TCP (the server's -nolisten tcp option controls this) and allows such clients to create sessions via the xhost access list, these vulnerabilities can be exploited remotely.
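The following C program is an added illustration of the length check described above; it is not X server code and not the vendor's patch. The request struct, header size and function names are simplified assumptions; only the stop size (a 4-byte xFixed offset plus an 8-byte xRenderColor, 12 bytes) mirrors the real protocol. The "vulnerable" check multiplies the client-supplied stop count in 32-bit arithmetic exactly as the overflow requires, so a stop count chosen by the client can wrap to match a tiny payload; the "fixed" check bounds the stop count before multiplying. The program also shows how such a wrapping stop count is computed and how far past the payload the swap loop would reach.

```c
/*
 * Model of the RENDER gradient-request length check at the heart of
 * CVE-2008-2362. Added illustration, not X server code: the header size,
 * function names and return codes are simplified assumptions.
 */
#include <stdint.h>
#include <stdio.h>

/* One gradient stop = xFixed offset (4 bytes) + xRenderColor (4 x 16-bit = 8 bytes). */
#define STOP_SIZE   12u
/* Assumed fixed-header size of the gradient request, in bytes (illustrative). */
#define HEADER_SIZE 28u

enum { CHECK_OK = 0, CHECK_BAD_LENGTH = 16 };

/* Payload bytes that follow the fixed header, given the request length in
 * 4-byte units (the X protocol encodes request length that way). */
static uint32_t payload_len(uint16_t length_units)
{
    return ((uint32_t)length_units << 2) - HEADER_SIZE;
}

/* Pre-patch logic: the stop count is multiplied in 32-bit arithmetic and
 * compared with the payload length. A wrapped product can equal a small
 * payload, so a huge nStops passes and the byte-swap loop then runs past
 * the end of the request buffer on the heap. */
int check_stops_vulnerable(uint16_t length_units, uint32_t nStops)
{
    if (((uint32_t)length_units << 2) < HEADER_SIZE)
        return CHECK_BAD_LENGTH;
    uint32_t expected = nStops * STOP_SIZE;          /* may wrap modulo 2^32 */
    return payload_len(length_units) == expected ? CHECK_OK : CHECK_BAD_LENGTH;
}

/* Post-patch logic: bound nStops before multiplying so the product cannot wrap. */
int check_stops_fixed(uint16_t length_units, uint32_t nStops)
{
    if (((uint32_t)length_units << 2) < HEADER_SIZE)
        return CHECK_BAD_LENGTH;
    if (nStops > UINT32_MAX / STOP_SIZE)
        return CHECK_BAD_LENGTH;
    return payload_len(length_units) == nStops * STOP_SIZE ? CHECK_OK : CHECK_BAD_LENGTH;
}

/* Bytes the swap loop would touch for a given stop count, computed without
 * wrapping, so the overrun beyond the payload can be measured. */
uint64_t swap_span_bytes(uint32_t nStops)
{
    return (uint64_t)nStops * STOP_SIZE;
}

/* Find a stop count far larger than the payload holds whose 32-bit product
 * with STOP_SIZE wraps to exactly payload_bytes. Returns 0 if none exists. */
uint32_t forge_wrapping_nstops(uint32_t payload_bytes)
{
    for (uint64_t k = 1; k < STOP_SIZE; k++) {
        uint64_t target = (k << 32) + payload_bytes;
        if (target % STOP_SIZE == 0 && target / STOP_SIZE <= UINT32_MAX)
            return (uint32_t)(target / STOP_SIZE);
    }
    return 0;
}

int main(void)
{
    /* Legitimate request: header + 2 stops (24 bytes) = 52 bytes = 13 units. */
    printf("legit  vulnerable=%d fixed=%d\n",
           check_stops_vulnerable(13, 2), check_stops_fixed(13, 2));

    /* Forged request: header + 12 bytes of stop data (10 units), but nStops
     * chosen so that nStops * 12 wraps to 12 in 32-bit arithmetic. */
    uint32_t n = forge_wrapping_nstops(12);
    printf("forged nStops=0x%08x vulnerable=%d fixed=%d swap=%llu bytes, 12 present\n",
           (unsigned)n, check_stops_vulnerable(10, n), check_stops_fixed(10, n),
           (unsigned long long)swap_span_bytes(n));
    return 0;
}
```

With a 12-byte payload the forged stop count is 0x40000001: 0x40000001 * 12 = 0x30000000C, whose low 32 bits are exactly 12, so the pre-patch comparison succeeds while the swap loop would span about 12 GB. The bound UINT32_MAX / 12 in the fixed check rejects any stop count whose product could wrap, before the multiplication happens.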
Advisory
The vendor has released updated packages that fix this issue. Patch download link:
http://www.debian.org/security/2008/dsa-1595
Source archives:
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz
Size/MD5 checksum: 8388609 15852049050e49f380f953d8715500b9
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.diff.gz
Size/MD5 checksum: 632764 c982d4e00ede14d7627297a457d0320b
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.dsc
Size/MD5 checksum: 2024 fc534ccff948c702a4ef0cf531deaccf
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 353656 2706862a69138ee94fcbb31211e0c4a5
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 4455548 ff3a26b71c5e317258df73baa97ab7e2
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 1030886 44ff2d44fcfaf0473e7bdc43180f0beb
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 1767104 79c0289e2d897f6173240887459a6bd4
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 1930704 c6ef24273a6f88b77088e2cd8cd8db1e
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 140478 286561a4926171499be367df85bc7146
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_alpha.deb
Size/MD5 checksum: 1964526 22a6658d46f631e0a60c618dd4fb723d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 134018 08d9419fdbff4f1e163122fa5112e336
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 1654086 37abd310608a1204a95e90878fd0e1d1
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 859948 37099efb5371cb17f6689e3c90dd0038
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 1472576 c0e587f113cc6fd656587ed08959bff2
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 1622812 ccb434f8e7dc1908c61652f71a4512cd
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 350956 5cf742aa111b5e006d015e85bb7afdfb
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_amd64.deb
Size/MD5 checksum: 3919134 e1befedf8342c06a50ea3dd84ac5da5f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_arm.deb
Size/MD5 checksum: 125572 4f0f268985c0596e0f5b059459308abd
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_arm.deb
Size/MD5 checksum: 3778010 e716984d0990375c62a0d5a4a5cbabc0
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_arm.deb
Size/MD5 checksum: 352298 462cb5ee2ccfb0d220a94413b4fa0e77
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_arm.deb
Size/MD5 checksum: 1446028 cd0fca4306ea72641d82bcf8751fc418
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_arm.deb
Size/MD5 checksum: 1598864 db43f26ed6a6f1b3125e0af7920b3f89
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_arm.deb
Size/MD5 checksum: 854518 16a33b692e5ca981e6a7e71a15e650bb
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-
References
Source: BID
Name: 29670
Link: http://www.securityfocus.com/bid/29670
Source: ftp.freedesktop.org
Link: ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2362.diff
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-2619
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-2607
Source: UBUNTU
Name: USN-616-1
Link: http://www.ubuntu.com/usn/usn-616-1
Source: BUGTRAQ
Name: 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
Link: http://www.securityfocus.com/archive/1/archive/1/493550/100/0/threaded
Source: BUGTRAQ
Name: 20080620 rPSA-2008-0200-1 xorg-server
Link: http://www.securityfocus.com/archive/1/archive/1/493548/100/0/threaded
Source: MANDRIVA
Name: MDVSA-2008:179
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
Source: MANDRIVA
Name: MDVSA-2008:116
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
Source: GENTOO
Name: GLSA-200807-07
Link: http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
Source: VUPEN
Name: ADV-2008-1983
Link: http://www.frsirt.com/english/advisories/2008/1983/references
Source: VUPEN
Name: ADV-2008-1833
Link: http://www.frsirt.com/english/advisories/2008/1833
Source: VUPEN
Name: ADV-2008-1803
Link: http://www.frsirt.com/english/advisories/2008/1803
Source: DEBIAN
Name: DSA-1595
Link: http://www.debian.org/security/2008/dsa-1595
Source: wiki.rpath.com
Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm
Source: support.apple.com
Link: http://support.apple.com/kb/HT3438
Source: SUNALERT
Name: 238686
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
Source: SECTRACK
Name: 1020245
Link: http://securitytracker.com/id?1020245
Source: GENTOO
Name: GLSA-200806-07
Link: http://security.gentoo.org/glsa/glsa-200806-07.xml
Source: SECUNIA
Name: 33937
Link: http://secunia.com/advisories/33937
Source: SECUNIA
Name: 32099
Link: http://secunia.com/advisories/32099
Source: SECUNIA
Name: 31109
Link: http://secunia.com/advisories/31109
Source: SECUNIA
Name: 31025
Link: http://secunia.com/advisories/31025
Source: SECUNIA
Name: 30843
Link: http://secunia.com/advisories/30843
Source: SECUNIA
Name: 30809
Link: http://secunia.com/advisories/30809
Source: SECUNIA
Name: 30772
Link: http://secunia.com/advisories/30772
Source: SECUNIA
Name: 30715
Link: http://secunia.com/advisories/30715
Source: SECUNIA
Name: 30671
Link: http://secunia.com/advisories/30671
Source: SECUNIA
Name: 30666
Link: http://secunia.com/advisories/30666
Source: SECUNIA
Name: 30664
Link: http://secunia.com/advisories/30664
Source: SECUNIA
Name: 30659
Link: http://secunia.com/advisories/30659
Source: SECUNIA
Name: 30637
Link: http://secunia.com/advisories/30637
Source: SECUNIA
Name: 30630
Link: http://secunia.com/advisories/30630
Source: SECUNIA
Name: 30627
Link: http://secunia.com/advisories/30627
Source: REDHAT
Name: RHSA-2008:0504
Link: http://rhn.redhat.com/errata/RHSA-2008-0504.html
Source: SUSE
Name: SUSE-SR:2008:019
Link: http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
Source: SUSE
Name: SUSE-SA:2008:027
Link: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
Source: MLIST
Name: [xorg] 20080611 X.Org security advisory june 2008 – Multiple vulnerabilities in X server extensions
Link: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
Source: APPLE
Name: APPLE-SA-2009-02-12
Link: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Source: IDEFENSE
Name: 20080611 Multiple Vendor X Server Render Extension Gradient Creation Integer Overflow Vulnerability
Link: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720