Vulnerability Note VU#820006

XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file

Original Release date: 07 Dec 2004 | Last revised: 26 Oct 2005

Overview

XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges.

Description

XFree86 is an implementation of the X Window System. The 'fonts.alias' file is used to map new names to existing fonts and must be placed in a directory of the font-path. XFree86 contains a flaw in the processing of this file: when reading user input from the file, it stores the user-supplied data for the font directory in a fixed-length buffer without checking the length of the input, leading to a buffer overflow condition.
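The missing length check described above, shown as an added example that is not XFree86 code: a parser for a simplified 'fonts.alias' line (two names, optionally double-quoted, '!' starting a comment) that rejects any name that does not fit its fixed-length buffer. TOKEN_MAX, next_token and parse_alias_line are names and sizes assumed for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define TOKEN_MAX 128  /* assumed size, chosen for this example only */

/* Copy the next bare or double-quoted token from *pp into out[outsz].
 * Returns 1 on success, 0 at end of line, -1 if the token does not fit
 * or a quote is left open. Nothing is ever written past out[outsz - 1]. */
static int next_token(const char **pp, char *out, size_t outsz)
{
    const char *p = *pp;
    size_t n = 0;
    int quoted = 0;

    if (outsz == 0) return -1;
    while (*p && isspace((unsigned char)*p)) p++;
    if (*p == '\0') return 0;
    if (*p == '"') { quoted = 1; p++; }
    while (*p && (quoted ? *p != '"' : !isspace((unsigned char)*p))) {
        if (n + 1 >= outsz) return -1;  /* length check: reject, do not truncate */
        out[n++] = *p++;
    }
    if (quoted) {
        if (*p != '"') return -1;       /* unterminated quote */
        p++;
    }
    out[n] = '\0';
    *pp = p;
    return 1;
}

/* Parse one line into alias[sz] and font[sz].
 * Returns 1 for an alias pair, 0 for a blank or '!' comment line,
 * -1 for a malformed line or an over-long name (outputs then unspecified). */
int parse_alias_line(const char *line, char *alias, char *font, size_t sz)
{
    const char *p = line;

    while (*p && isspace((unsigned char)*p)) p++;
    if (*p == '\0' || *p == '!') return 0;
    if (next_token(&p, alias, sz) != 1) return -1;
    if (next_token(&p, font, sz) != 1) return -1;
    return 1;
}
```

A caller treats -1 as a reason to skip the line rather than use a partial name, so a file dropped into a writable font-path directory cannot push data past either buffer.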

Impact

A local authenticated user may craft a 'fonts.alias' file to exploit this buffer overflow vulnerability, leading to execution of arbitrary code with root privileges. The local user must have privileges to write to one of the directories in the font-path to exploit this vulnerability.

Solution

Upgrade or Patch

This issue is resolved in XFree86 4.3.0.2. Upgrade or apply patches as specified by your vendor.

Systems Affected

Vendor                          Status    Date Notified  Date Updated
Gentoo                          Affected  -              07 Dec 2004
IBM Corporation                 Affected  -              07 Dec 2004
Mandriva, Inc.                  Affected  -              07 Dec 2004
Mandriva, Inc.                  Affected  23 Aug 2004    07 Dec 2004
Red Hat, Inc.                   Affected  -              07 Dec 2004
SCO                             Affected  -              07 Dec 2004
SGI                             Affected  -              07 Dec 2004
Slackware                       Affected  -              07 Dec 2004
Sun Microsystems, Inc.          Affected  -              26 Oct 2005
SUSE Linux                      Affected  -              07 Dec 2004
TurboLinux                      Affected  -              07 Dec 2004
Apple Computer, Inc.            Unknown   -              07 Dec 2004
Avaya                           Unknown   -              06 Jun 2005
Berkeley Software Design, Inc.  Unknown   -              07 Dec 2004
Cray Inc.                       Unknown   -              07 Dec 2004

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was reported by Greg MacManus.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CAN-2004-0083
  • Date Public: 10 Feb 2004
  • Date First Published: 07 Dec 2004
  • Date Last Updated: 26 Oct 2005
  • Severity Metric: 9.62
  • Document Revision: 24
