Launchpad.net

CVE 2007-6429

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.

Related bugs and status

CVE-2007-6429 (Candidate) is related to these bugs:

Bug #141118: [gutsy] cursor endian problem

Summary				In	Importance	Status
	141118	[gutsy] cursor endian problem		xorg-server (Ubuntu)	Low	Fix Released
	141118	[gutsy] cursor endian problem		X.Org X server	Medium	Fix Released

Bug #158709: [gutsy] x picks "i810" on my macbook

Summary				In	Importance	Status
	158709	[gutsy] x picks "i810" on my macbook		xorg-server (Ubuntu)	Low	Fix Released

Bug #184651: Crash when starting gnome-settings-daemon, in SrvXkbFreeGeomRows()

		In	Importance	Status
184651	Crash when starting gnome-settings-daemon, in SrvXkbFreeGeomRows()	xorg-server (Ubuntu)	High	Fix Released
184651	Crash when starting gnome-settings-daemon, in SrvXkbFreeGeomRows()	X.Org X server	Medium	Fix Released
184651	Crash when starting gnome-settings-daemon, in SrvXkbFreeGeomRows()	xorg-server (Debian)	Unknown	Fix Released
184651	Crash when starting gnome-settings-daemon, in SrvXkbFreeGeomRows()	xorg-server (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20080117 Multiple Vend...
MLIST: [xorg] 20080117 X.Org ...
DEBIAN: DSA-1466
REDHAT: RHSA-2008:0029
REDHAT: RHSA-2008:0030
REDHAT: RHSA-2008:0031
SUNALERT: 103200
SUSE: SUSE-SA:2008:003
BID: 27336
BID: 27350
BID: 27353
SECTRACK: 1019232
SECUNIA: 28532
SECUNIA: 28535
SECUNIA: 28536
SECUNIA: 28539
SECUNIA: 28540
SECUNIA: 28542
SECUNIA: 28543
SECUNIA: 28550
CONFIRM: http://bugs.gentoo.org...
CONFIRM: http://support.avaya.c...
FEDORA: FEDORA-2008-0760
FEDORA: FEDORA-2008-0831
GENTOO: GLSA-200801-09
MANDRIVA: MDVSA-2008:021
MANDRIVA: MDVSA-2008:022
MANDRIVA: MDVSA-2008:023
MANDRIVA: MDVSA-2008:025
SECUNIA: 28273
SECUNIA: 28592
SECUNIA: 28616
SECUNIA: 28584
SECUNIA: 28693
CONFIRM: https://issues.rpath.c...
SECUNIA: 28718
OPENBSD: [4.1] 20080208 012: SE...
OPENBSD: [4.2] 20080208 006: SE...
SUSE: SUSE-SR:2008:003
SECUNIA: 28838
SECUNIA: 28843
SECUNIA: 28885
CONFIRM: http://support.avaya.c...
SUNALERT: 200153
SECUNIA: 28941
SECUNIA: 29139
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
SUSE: SUSE-SR:2008:008
SECUNIA: 29622
GENTOO: GLSA-200804-05
SECUNIA: 29707
GENTOO: GLSA-200805-07
SECUNIA: 30161
HP: HPSBUX02381
HP: SSRT080083
SECUNIA: 32545
VUPEN: ADV-2008-3000
VUPEN: ADV-2008-0179
VUPEN: ADV-2008-0184
VUPEN: ADV-2008-0497
VUPEN: ADV-2008-0703
VUPEN: ADV-2008-0924
CONFIRM: http://www14.software....
XF: xorg-evi-bo(39763)
XF: xorg-mitshm-overflow(3...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-571-1
BUGTRAQ: 20080130 rPSA-2008-003...