|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
 |
Vulnerability Note VU#667502
XFree86 vulnerable to buffer overflow via error in 'ReadFontAlias()' function
OverviewXFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges.
I. DescriptionXFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the X Window System. The 'fonts.alias' file is used to map new names to existing fonts and must be placed in any directory of the font-path. When reading user input from the file it stores the user supplied data for the font name in a fixed-length buffer. It fails to check the length of the user input, leading to a buffer overflow conditionII. ImpactA local authenticated user may craft a 'fonts.alias' file to exploit this buffer overflow vulnerability, leading to execution of arbitrary code with root privileges. The local user must have privileges to write to one of the directories in the font-path to exploit this vulnerability.III. SolutionUpgrade or Patch
This issue is resolved in XFree86 4.3.0.2. Upgrade or apply patches as specified by your vendor.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Apple Computer, Inc. | Unknown | 7-Dec-2004 |
| Berkeley Software Design, Inc. | Unknown | 7-Dec-2004 |
| Cray Inc. | Unknown | 7-Dec-2004 |
| Debian Linux | Vulnerable | 17-Aug-2004 |
| eMC Corporation | Unknown | 7-Dec-2004 |
| Engarde | Unknown | 7-Dec-2004 |
| FreeBSD, Inc. | Unknown | 7-Dec-2004 |
| Fujitsu | Unknown | 7-Dec-2004 |
| Hewlett-Packard Company | Unknown | 7-Dec-2004 |
| Hitachi | Unknown | 7-Dec-2004 |
| IBM Corporation | Vulnerable | 7-Dec-2004 |
| Immunix | Vulnerable | 7-Dec-2004 |
| Ingrian Networks, Inc. | Unknown | 7-Dec-2004 |
| Juniper Networks, Inc. | Unknown | 7-Dec-2004 |
| Mandriva, Inc. | Vulnerable | 26-Aug-2004 |
| Mandriva, Inc. | Vulnerable | 7-Dec-2004 |
| MontaVista Software, Inc. | Unknown | 7-Dec-2004 |
| NEC Corporation | Unknown | 7-Dec-2004 |
| NETBSD | Unknown | 7-Dec-2004 |
| Nokia | Unknown | 7-Dec-2004 |
| Novell, Inc. | Unknown | 7-Dec-2004 |
| OpenBSD | Unknown | 7-Dec-2004 |
| Openwall GNU/*/Linux | Unknown | 7-Dec-2004 |
| Red Hat, Inc. | Vulnerable | 7-Dec-2004 |
| SCO | Vulnerable | 7-Dec-2004 |
| Sequent Computer Systems, Inc. | Unknown | 7-Dec-2004 |
| SGI | Vulnerable | 7-Dec-2004 |
| Sony Corporation | Unknown | 7-Dec-2004 |
| Sun Microsystems, Inc. | Vulnerable | 26-Oct-2005 |
| SUSE Linux | Unknown | 7-Dec-2004 |
| TurboLinux | Vulnerable | 7-Dec-2004 |
| Unisys | Unknown | 7-Dec-2004 |
| Wind River Systems, Inc. | Unknown | 7-Dec-2004 |
References
http://www.idefense.com/application/poi/display?id=73&type=vulnerabilities
http://xforce.iss.net/xforce/xfdb/15200
http://www.securityfocus.com/bid/9652
http://www.xfree86.org/cvs/changes_4_3.html
Credit
This vulnerability was reported by Greg MacManus.
This document was written by Will Dormann.
Other Information
| Date Public: | 2004-02-12 |
| Date First Published: | 2004-12-07 |
| Date Last Updated: | 2005-10-25 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2004-0084 |
| NVD-ID(s): | CAN-2004-0084 |
| US-CERT Technical Alerts: | |
| Metric: | 9.62 |
| Document Revision: | 15 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader