Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2007-4990 | First vendor Publication | 2007-10-05 |
Vendor | Cve | Last vendor Modification | 2018-10-15 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for X Font Server (xfs) Software HPSBUX02303 File : nvt/gb_hp_ux_HPSBUX02303.nasl |
2009-04-09 | Name : Mandriva Update for xfs MDKSA-2007:210 (xfs) File : nvt/gb_mandriva_MDKSA_2007_210.nasl |
2009-03-06 | Name : RedHat Update for XFree86 RHSA-2008:0029-01 File : nvt/gb_RHSA-2008_0029-01_XFree86.nasl |
2009-03-06 | Name : RedHat Update for xorg-x11 RHSA-2008:0030-01 File : nvt/gb_RHSA-2008_0030-01_xorg-x11.nasl |
2009-02-27 | Name : CentOS Update for XFree86 CESA-2008:0029-01 centos2 i386 File : nvt/gb_CESA-2008_0029-01_XFree86_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0029 centos3 i386 File : nvt/gb_CESA-2008_0029_XFree86-100dpi-fonts_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0029 centos3 x86_64 File : nvt/gb_CESA-2008_0029_XFree86-100dpi-fonts_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0030 centos4 i386 File : nvt/gb_CESA-2008_0030_xorg-x11_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0030 centos4 x86_64 File : nvt/gb_CESA-2008_0030_xorg-x11_centos4_x86_64.nasl |
2009-02-27 | Name : Fedora Update for xorg-x11-xfs FEDORA-2007-4263 File : nvt/gb_fedora_2007_4263_xorg-x11-xfs_fc7.nasl |
2009-01-28 | Name : SuSE Update for XOrg SUSE-SA:2007:054 File : nvt/gb_suse_2007_054.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-11 (xfs) File : nvt/glsa_200710_11.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37722 | X.Org X Font Server (xfs) swap_char2b Function Arbitrary Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0029.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0030.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080117_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080118_XFree86_on_SL3.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0030.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-01-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37224.nasl - Type : ACT_GATHER_INFO |
2008-01-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37225.nasl - Type : ACT_GATHER_INFO |
2008-01-22 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37226.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0029.nasl - Type : ACT_GATHER_INFO |
2008-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0029.nasl - Type : ACT_GATHER_INFO |
2008-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0030.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xorg-x11-4485.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4263.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-210.nasl - Type : ACT_GATHER_INFO |
2007-10-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-11.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:06:25 |
|
2021-04-22 01:06:57 |
|
2020-05-23 01:38:47 |
|
2020-05-23 00:20:28 |
|
2018-10-16 00:19:15 |
|
2017-09-29 09:23:13 |
|
2017-07-29 12:02:33 |
|
2016-04-26 16:36:58 |
|
2014-02-17 10:41:49 |
|
2013-05-11 10:36:55 |
|