Upstream information

CVE-2007-6428 at MITRE

Description

The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None

SUSE Bugzilla entry: 345128 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • xorg-x11-Xvnc >= 7.4-27.19.19
  • xorg-x11-server >= 7.4-27.19.19
  • xorg-x11-server-extra >= 7.4-27.19.19
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP2
  • xorg-x11-Xvnc >= 7.4-27.60.5
  • xorg-x11-server >= 7.4-27.60.5
  • xorg-x11-server-extra >= 7.4-27.60.5
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP3
  • xorg-x11-Xvnc >= 7.4-27.81.7
  • xorg-x11-server >= 7.4-27.81.7
  • xorg-x11-server-extra >= 7.4-27.81.7
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA xorg-x11-Xvnc
SUSE Linux Enterprise Server 11 SP4
  • xorg-x11-Xvnc >= 7.4-27.105.1
  • xorg-x11-server >= 7.4-27.105.1
  • xorg-x11-server-extra >= 7.4-27.105.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA xorg-x11-Xvnc
SUSE Linux Enterprise Software Development Kit 11 SP4
  • xorg-x11-server-sdk >= 7.4-27.105.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA xorg-x11-server-sdk
SUSE LINUX 10.1
  • NX >= 1.5.0-41.5
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • XFree86-libs >= 4.3.99.902-43.94
  • XFree86-server >= 4.3.99.902-43.94
sles9-oes.x86
YOU Patch Nr: 12040
Novell Linux Desktop 9 for x86_64
  • XFree86-libs >= 4.3.99.902-43.94
  • XFree86-libs-32bit >= 9-200801062003
  • XFree86-server >= 4.3.99.902-43.94
sles9-oes.x86
YOU Patch Nr: 12040
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • XFree86-Xnest >= 4.3.99.902-43.94
  • XFree86-Xvfb >= 4.3.99.902-43.94
core9.s390
sles9-oes.x86
YOU Patch Nr: 12043
SUSE LINUX 10.1
  • xorg-x11-Xnest >= 6.9.0-50.54.5
  • xorg-x11-Xvfb >= 6.9.0-50.54.5
  • xorg-x11-devel >= 6.9.0-50.54.5
  • xorg-x11-devel-32bit >= 6.9.0-50.54.5
  • xorg-x11-devel-64bit >= 6.9.0-50.54.5
  • xorg-x11-libs >= 6.9.0-50.54.5
  • xorg-x11-libs-32bit >= 6.9.0-50.54.5
  • xorg-x11-libs-64bit >= 6.9.0-50.54.5
  • xorg-x11-server >= 6.9.0-50.54.5
SUSE LINUX 10.1
  • xgl >= cvs_060522-0.37.5