US-CERT Vulnerability Notes Database

Vulnerability Note VU#820006

XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file

Overview

XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges.

I. Description

XFree86, an implementation of the X Window System, contains a flaw in its processing of the 'fonts.alias' file. The 'fonts.alias' file is used to map new names to existing fonts and must be placed in any directory of the font-path. When XFree86 reads user input from the file, it stores the user-supplied data for the font directory in a fixed-length buffer. It fails to check the length of that input, leading to a buffer overflow condition.
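The length check that the description says is missing, shown as an added example; this is not XFree86 code. FIELD_MAX, next_token and parse_alias_line are hypothetical names, and the line format handled here (alias, then font name, '!' comments, optional double quotes) is a simplified assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed size for illustration, not XFree86's value */

/* Copy the next token (bare or double-quoted) from *p into out[outsz].
 * Returns 0 on success, 1 if the line has no more tokens, -1 if the token
 * is malformed or would not fit in the fixed-length buffer. */
static int next_token(const char **p, char *out, size_t outsz)
{
    const char *s = *p;
    size_t n = 0;
    int quoted = 0;

    while (isspace((unsigned char)*s)) s++;
    if (*s == '\0' || *s == '!') return 1;     /* blank line or comment */
    if (*s == '"') { quoted = 1; s++; }
    while (*s && (quoted ? *s != '"' : !isspace((unsigned char)*s))) {
        if (n + 1 >= outsz) return -1;         /* length check before each store */
        out[n++] = *s++;
    }
    if (quoted && *s++ != '"') return -1;      /* unterminated quote */
    out[n] = '\0';
    *p = s;
    return 0;
}

/* Parse "<alias> <font name>". Returns 0 = parsed, 1 = skip, -1 = reject. */
int parse_alias_line(const char *line, char *alias, char *font)
{
    const char *p = line;
    int r = next_token(&p, alias, FIELD_MAX);
    if (r != 0) return r;
    return next_token(&p, font, FIELD_MAX) == 0 ? 0 : -1;
}

int main(void)
{
    char alias[FIELD_MAX], font[FIELD_MAX], big[FIELD_MAX + 64];
    memset(big, 'A', sizeof big - 1);          /* constructed overlong entry */
    big[sizeof big - 1] = '\0';
    printf("%d\n", parse_alias_line("fixed \"-misc-fixed-medium-r-*\"", alias, font));
    printf("%d\n", parse_alias_line("! comment line", alias, font));
    printf("%d\n", parse_alias_line(big, alias, font));
    return 0;
}
```

An entry longer than the buffer is rejected as a whole line rather than truncated, so a crafted file cannot write past either fixed-length field.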

II. Impact

A local authenticated user may craft a 'fonts.alias' file to exploit this buffer overflow vulnerability, leading to execution of arbitrary code with root privileges. The local user must have privileges to write to one of the directories in the font-path to exploit this vulnerability.

III. Solution

Upgrade or Patch

This issue is resolved in XFree86 4.3.0.2. Upgrade or apply patches as specified by your vendor.

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Unknown | | 7-Dec-2004 |
| Avaya | Unknown | | 6-Jun-2005 |
| Berkeley Software Design, Inc. | Unknown | | 7-Dec-2004 |
| Cray Inc. | Unknown | | 7-Dec-2004 |
| Debian Linux | Unknown | | 7-Dec-2004 |
| EMC Corporation | Unknown | | 7-Dec-2004 |
| Engarde | Unknown | | 7-Dec-2004 |
| FreeBSD, Inc. | Unknown | | 7-Dec-2004 |
| Fujitsu | Unknown | | 7-Dec-2004 |
| Gentoo | Vulnerable | | 7-Dec-2004 |
| Hewlett-Packard Company | Unknown | | 7-Dec-2004 |
| Hitachi | Unknown | | 7-Dec-2004 |
| IBM Corporation | Vulnerable | | 7-Dec-2004 |
| Immunix | Unknown | | 7-Dec-2004 |
| Ingrian Networks, Inc. | Unknown | | 7-Dec-2004 |
| Juniper Networks, Inc. | Unknown | | 7-Dec-2004 |
| Mandriva, Inc. | Vulnerable | | 7-Dec-2004 |
| Mandriva, Inc. | Vulnerable | | 7-Dec-2004 |
| MontaVista Software, Inc. | Unknown | | 7-Dec-2004 |
| NEC Corporation | Unknown | | 7-Dec-2004 |
| NETBSD | Unknown | | 7-Dec-2004 |
| Nokia | Unknown | | 7-Dec-2004 |
| Novell, Inc. | Unknown | | 7-Dec-2004 |
| OpenBSD | Unknown | | 7-Dec-2004 |
| Openwall GNU/*/Linux | Unknown | | 7-Dec-2004 |
| Red Hat, Inc. | Vulnerable | | 7-Dec-2004 |
| SCO | Vulnerable | | 7-Dec-2004 |
| Sequent Computer Systems, Inc. | Unknown | | 7-Dec-2004 |
| SGI | Vulnerable | | 7-Dec-2004 |
| Slackware | Vulnerable | | 7-Dec-2004 |
| Sony Corporation | Unknown | | 7-Dec-2004 |
| Sun Microsystems, Inc. | Vulnerable | | 26-Oct-2005 |
| SUSE Linux | Vulnerable | | 7-Dec-2004 |
| TurboLinux | Vulnerable | | 7-Dec-2004 |
| Unisys | Unknown | | 7-Dec-2004 |
| Wind River Systems, Inc. | Unknown | | 7-Dec-2004 |

References


http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities
http://xforce.iss.net/xforce/xfdb/15130
http://www.securityfocus.com/bid/9636
http://www.osvdb.org/displayvuln.php?osvdb_id=3905
http://www.xfree86.org/cvs/changes_4_3.html

Credit

This vulnerability was reported by Greg MacManus.

This document was written by Will Dormann.

Other Information

Date Public: 2004-02-10
Date First Published: 2004-12-07
Date Last Updated: 2005-10-26
CERT Advisory:
CVE-ID(s): CAN-2004-0083
NVD-ID(s): CAN-2004-0083
US-CERT Technical Alerts:
Metric: 9.62
Document Revision: 24

Copyright 2004 Carnegie Mellon University