search menu icon-carat-right cmu-wordmark

CERT Coordination Center

XFree86 vulnerable to buffer overflow via error in 'ReadFontAlias()' function

Vulnerability Note VU#667502

Original Release Date: 2004-12-07 | Last Revised: 2005-10-25

Overview

XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges.

Description

XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the X Window System. The 'fonts.alias' file is used to map new names to existing fonts and must be placed in any directory of the font-path. When reading user input from the file it stores the user supplied data for the font name in a fixed-length buffer. It fails to check the length of the user input, leading to a buffer overflow condition

Impact

A local authenticated user may craft a 'fonts.alias' file to exploit this buffer overflow vulnerability, leading to execution of arbitrary code with root privileges. The local user must have privileges to write to one of the directories in the font-path to exploit this vulnerability.

Solution

Upgrade or Patch

This issue is resolved in XFree86 4.3.0.2. Upgrade or apply patches as specified by your vendor.

Vendor Information

667502
 

Debian Linux Affected

Updated:  August 17, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

IBM Corporation Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see IBM Support Document IY53508

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Immunix Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc. Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see CLSA-2004:821

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Mandriva, Inc. Affected

Notified:  August 23, 2004 Updated: August 26, 2004

Status

Affected

Vendor Statement

MDKSA-2004:012 fixes both of these vulnerabilities.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The MDKSA-2004:012 advisory refers to both this vulnerability and VU#820006

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Red Hat, Inc. Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see RHSA-2004-059, RHSA-2004-060, and RHSA-2004-061

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SCO Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see SCOSA-2004.2

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SGI Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see SGI Advanced Linux Environment security update #12

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems, Inc. Affected

Updated:  October 26, 2005

Status

Affected

Vendor Statement

Sun confirms that the XFree86 vulnerabilities described in CERT Vulnerability Notes VU#667502 and VU#820006 affect the following versions of Solaris:

Solaris 7, 8, and 9

Solaris 10 is not impacted by these vulnerabilities. Sun has released Sun Alert 57768 which describes the Solaris specific impact, contributing factors, workaround options, and resolution. The Sun Alert is available here:

http://sunsolve.Sun.COM/search/document.do?assetkey=1-26-57768-1

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

TurboLinux Affected

Updated:  December 07, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see TLSA-2004-5

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Apple Computer, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Berkeley Software Design, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Cray Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Engarde Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

FreeBSD, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Fujitsu Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hewlett-Packard Company Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Hitachi Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Ingrian Networks, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Juniper Networks, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

MontaVista Software, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NEC Corporation Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

NETBSD Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Nokia Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Novell, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

OpenBSD Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Openwall GNU/*/Linux Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

SUSE Linux Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sequent Computer Systems, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sony Corporation Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Unisys Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Wind River Systems, Inc. Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

eMC Corporation Unknown

Updated:  December 07, 2004

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We have no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

View all 33 vendors View less vendors


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by Greg MacManus.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2004-0084
Severity Metric: 9.62
Date Public: 2004-02-12
Date First Published: 2004-12-07
Date Last Updated: 2005-10-25 15:08 UTC
Document Revision: 15

Sponsored by CISA.