CVE-2007-6429

{"id": "CVE-2007-6429", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-01-18T23:00:00.000", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=204362", "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=307562", "source": "cve@mitre.org"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321", "source": "cve@mitre.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://lists.freedesktop.org/archives/xorg/2008-January/031918.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28273", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28532", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28535", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28536", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28539", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28540", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28542", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28543", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28550", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28584", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28592", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28616", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28693", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28718", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28838", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28843", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28885", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28941", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29139", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29420", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29622", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29707", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30161", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32545", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200801-09.xml", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200804-05.xml", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019232", "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-039.htm", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-078.htm", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1466", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:021", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:022", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:023", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:025", "source": "cve@mitre.org"}, {"url": "http://www.openbsd.org/errata41.html#012_xorg", "source": "cve@mitre.org"}, {"url": "http://www.openbsd.org/errata42.html#006_xorg", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0029.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0030.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0031.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487335/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27336", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27350", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27353", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0179", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0184", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0497/references", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0703", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0924/references", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3000", "source": "cve@mitre.org"}, {"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39763", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39764", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-2010", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045", "source": "cve@mitre.org"}, {"url": "https://usn.ubuntu.com/571-1/", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en X.Org Xserver versiones anteriores a 1.4.1 permiten a atacantes locales o remotos dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) una petici\u00f3n GetVisualInfo conteniendo un valor de 32 bits que se utiliza inapropiadamente para calcular una cantidad de memoria para alojamiento por la extensi\u00f3n EVI, \u00f3 (2) una petici\u00f3n conteniendo valores relativos al tama\u00f1o de pixmap que es inapropiadamente utilizado en la gesti\u00f3n de memoria compartida por la extensi\u00f3n MIT-SHM."}], "lastModified": "2018-10-15T21:53:47.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x.org:evi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03108EF9-17AB-4260-823B-DF2BB34691F4"}, {"criteria": "cpe:2.3:a:x.org:mit-shm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0283B878-7F07-44F5-ABC8-4B7F0FABDBFE"}, {"criteria": "cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBC8352E-BBB6-4B41-AD07-447D8D71CE7D", "versionEndIncluding": "1.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}