Oval Definition:oval:org.mitre.oval:def:19727
Revision Date:2015-04-20Version:30
Title:HP-UX Running Xserver, Remote Execution of Arbitrary Code
Description:The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-1377
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02381
  • HP-UX B.11.31
  • AND Xserver.X11-SERV is installed
  • AND NOT Patch PHSS_38840 is installed
  • OR Criteria meets HP Security Bulletin HPSBUX02381
  • HP-UX B.11.23
  • AND filesets tests
  • URL: is installed
  • OR Xserver.X11-SERV is installed
  • AND NOT Patch PHSS_37972 is installed
  • OR Criteria meets HP Security Bulletin HPSBUX02381
  • HP-UX B.11.11
  • AND filesets tests
  • URL: is installed
  • OR Xserver.X11-SERV is installed
  • AND NOT Patch PHSS_34392 is installed
    • BACK