Executive Summary
Summary | |
---|---|
Title | X.Org PCF font parser buffer overflow |
Information | |||
---|---|---|---|
Name | VU#203220 | First vendor Publication | 2008-03-19 |
Vendor | VU-CERT | Last vendor Modification | 2008-03-19 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#203220
X.Org PCF font parser buffer overflow
Overview
A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system.
I. Description
The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable Compiled Font (PCF) format. A flaw exists in the handling of PCF fonts where the difference between lastCol and firstCol in the PCF_BDF_ENCODINGS table is greater than 255. An attacker with the ability to cause the X server to open a specially crafted PCF font file could cause a buffer overflow in the X server.
II. Impact
A remote attacker with an established, authenticated connection to the X server could execute arbitrary code with the privileges of the X server or cause the server to crash.
III. Solution
Upgrade or apply a patch from the vendor
Patches and updated versions of the software have been released to address this issue. Please see the Systems Affected section of this document for more information.
References
Thanks to Takuya Shiozaki working through JPCERT/CC for reporting this vulnerability. This document was written by Chad R Dougherty.
Original Source
Url : http://www.kb.cert.org/vuls/id/203220 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17702 | |||
Oval ID: | oval:org.mitre.oval:def:17702 | ||
Title: | USN-571-2 -- xorg-server regression | ||
Description: | USN-571-1 fixed vulnerabilities in X.org. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-571-2 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2007-5958 CVE-2008-0006 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | xorg-server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17768 | |||
Oval ID: | oval:org.mitre.oval:def:17768 | ||
Title: | USN-571-1 -- libxfont, xorg-server vulnerabilities | ||
Description: | Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-571-1 CVE-2007-5760 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2007-5958 CVE-2008-0006 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | libxfont xorg-server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19166 | |||
Oval ID: | oval:org.mitre.oval:def:19166 | ||
Title: | HP-UX Running Xserver, Remote Execution of Arbitrary Code | ||
Description: | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0006 | Version: | 13 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20244 | |||
Oval ID: | oval:org.mitre.oval:def:20244 | ||
Title: | DSA-1466-2 libxfont xfree86 xorg-server - several vulnerabilities | ||
Description: | The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (sarge) in addition to the fixed packages for Debian stable (etch), which were provided in DSA 1466-2. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1466-2 CVE-2007-5760 CVE-2007-5958 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 CVE-2008-0006 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xorg-server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22643 | |||
Oval ID: | oval:org.mitre.oval:def:22643 | ||
Title: | ELSA-2008:0064: libXfont security update (Important) | ||
Description: | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0064-01 CVE-2008-0006 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libXfont |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-05-05 | Name : HP-UX Update for Xserver HPSBUX02381 File : nvt/gb_hp_ux_HPSBUX02381.nasl |
2009-04-09 | Name : Mandriva Update for libxfont MDVSA-2008:024 (libxfont) File : nvt/gb_mandriva_MDVSA_2008_024.nasl |
2009-03-23 | Name : Ubuntu Update for xorg-server regression USN-571-2 File : nvt/gb_ubuntu_USN_571_2.nasl |
2009-03-23 | Name : Ubuntu Update for libxfont, xorg-server vulnerabilities USN-571-1 File : nvt/gb_ubuntu_USN_571_1.nasl |
2009-03-06 | Name : RedHat Update for XFree86 RHSA-2008:0029-01 File : nvt/gb_RHSA-2008_0029-01_XFree86.nasl |
2009-03-06 | Name : RedHat Update for xorg-x11 RHSA-2008:0030-01 File : nvt/gb_RHSA-2008_0030-01_xorg-x11.nasl |
2009-03-06 | Name : RedHat Update for libXfont RHSA-2008:0064-01 File : nvt/gb_RHSA-2008_0064-01_libXfont.nasl |
2009-02-27 | Name : CentOS Update for XFree86 CESA-2008:0029-01 centos2 i386 File : nvt/gb_CESA-2008_0029-01_XFree86_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0029 centos3 i386 File : nvt/gb_CESA-2008_0029_XFree86-100dpi-fonts_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0029 centos3 x86_64 File : nvt/gb_CESA-2008_0029_XFree86-100dpi-fonts_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0030 centos4 i386 File : nvt/gb_CESA-2008_0030_xorg-x11_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0030 centos4 x86_64 File : nvt/gb_CESA-2008_0030_xorg-x11_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for libXfont FEDORA-2008-0794 File : nvt/gb_fedora_2008_0794_libXfont_fc8.nasl |
2009-02-17 | Name : Fedora Update for libXfont FEDORA-2008-0891 File : nvt/gb_fedora_2008_0891_libXfont_fc7.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-0831 File : nvt/gb_fedora_2008_0831_xorg-x11-server_fc7.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-0760 File : nvt/gb_fedora_2008_0760_xorg-x11-server_fc8.nasl |
2009-01-23 | Name : SuSE Update for Xorg and XFree SUSE-SA:2008:003 File : nvt/gb_suse_2008_003.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-09 (xorg-server libXfont) File : nvt/glsa_200801_09.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-05 (nx, nxnode) File : nvt/glsa_200804_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl |
2008-09-04 | Name : FreeBSD Ports: xorg-server File : nvt/freebsd_xorg-server0.nasl |
2008-01-31 | Name : Debian Security Advisory DSA 1466-2 (xorg-server, libxfont, xfree86) File : nvt/deb_1466_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40938 | X.Org Xserver PCF Font Handling Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | X.org PCF parsing buffer overflow attempt RuleID : 16070 - Revision : 9 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0064.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0030.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0029.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080118_XFree86_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080117_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080117_libXfont_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0030.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0064.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-024.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-023.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37972.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_38840.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34392.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xgl-5100.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_xgl-5099.nasl - Type : ACT_GATHER_INFO |
2008-03-19 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_fe2b6597c9a411dc8da80008a18a9961.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0891.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0831.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1466.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0760.nasl - Type : ACT_GATHER_INFO |
2008-01-27 | Name : The remote Fedora host is missing a security update. File : fedora_2008-0794.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-571-2.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0029.nasl - Type : ACT_GATHER_INFO |
2008-01-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200801-09.nasl - Type : ACT_GATHER_INFO |
2008-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0064.nasl - Type : ACT_GATHER_INFO |
2008-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0030.nasl - Type : ACT_GATHER_INFO |
2008-01-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0029.nasl - Type : ACT_GATHER_INFO |
2008-01-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-571-1.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote host is missing Sun Security Patch number 125719-58 File : solaris10_125719.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 118908-06 File : solaris9_x86_118908.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 00:56:55 |