Overview
XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges.
Description
XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the X Window System. The 'fonts.alias' file is used to map new names to existing fonts and must be placed in any directory of the font-path. When reading user input from the file it stores the user supplied data for the font directory in a fixed-length buffer. It fails to check the length of the user input, leading to a buffer overflow condition. |
Impact
A local authenticated user may craft a 'fonts.alias' file to exploit this buffer overflow vulnerability, leading to execution of arbitrary code with root privileges. The local user must have privileges to write to one of the directories in the font-path to exploit this vulnerability. |
Solution
Upgrade or Patch This issue is resolved in XFree86 4.3.0.2. Upgrade or apply patches as specified by your vendor. |
Vendor Information
Gentoo
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see GLSA 200402-02
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Corporation
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see IBM Support Document IY53508
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc.
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see CLSA-2004:821
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Mandriva, Inc.
Notified: August 23, 2004 Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
MDKSA-2004:012 fixes both of these vulnerabilities.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The MDKSA-2004:012 advisory refers to both this vulnerability and VU#667502
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc.
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see RHSA-2004-059, RHSA-2004-060, and RHSA-2004-061
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SCO
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see SCOSA-2004.2
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see SGI Advanced Linux Environment security update #12
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SUSE Linux
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see SuSE-SA:2004-006
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Slackware
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see SSA:2004-043
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Microsystems, Inc.
Updated: October 26, 2005
Status
Vulnerable
Vendor Statement
Sun confirms that the XFree86 vulnerabilities described in CERT Vulnerability Notes VU#667502 and VU#820006 affect the following versions of Solaris:
Solaris 7, 8, and 9
Solaris 10 is not impacted by these vulnerabilities. Sun has released Sun Alert 57768 which describes the Solaris specific impact, contributing factors, workaround options, and resolution. The Sun Alert is available here:
http://sunsolve.Sun.COM/search/document.do?assetkey=1-26-57768-1
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TurboLinux
Updated: December 07, 2004
Status
Vulnerable
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see TLSA-2004-5
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple Computer, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Avaya
Updated: June 06, 2005
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Berkeley Software Design, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cray Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Debian Linux
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
EMC Corporation
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Engarde
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett-Packard Company
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hitachi
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Immunix
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ingrian Networks, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Juniper Networks, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MontaVista Software, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NETBSD
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nokia
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Novell, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sequent Computer Systems, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River Systems, Inc.
Updated: December 07, 2004
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A |
References
Credit
This vulnerability was reported by Greg MacManus.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2004-0083 |
| Severity Metric: | 9.62 |
| Date Public: | 2004-02-10 |
| Date First Published: | 2004-12-07 |
| Date Last Updated: | 2005-10-26 17:22 UTC |
| Document Revision: | 24 |