what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2007-1352

Status Candidate

Overview

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Related Files

Debian Linux Security Advisory 1294-1
Posted May 21, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1294-1 - Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
SHA-256 | 041774f5d08c1a2248f7f5bfafc8394a37277b57085add582ddcb8a761ddaf62
Gentoo Linux Security Advisory 200705-10
Posted May 10, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-10 - The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Versions less than 1.2.9-r4 are affected.

tags | advisory, overflow, local
systems | linux, gentoo
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 2fc25a79b7ffa81e21e6c4c5e2b22c388fa4a3033e765361858a4ee48158de8a
Mandriva Linux Security Advisory 2007.080
Posted Apr 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server.

tags | advisory, overflow, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 3b1c1631f20743de09f36c1b9347ec5d750ad65a0831fd14b5f97665d3ee9d84
Mandriva Linux Security Advisory 2007.080
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.

tags | advisory, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 330fcb42f22893aed5d9dc72a5e4c07dd0445ff1c5c94024359d87760efc0e63
Mandriva Linux Security Advisory 2007.079
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
SHA-256 | c68398453cdd0da008a82f8abe40ea08649a33cada1190cb14fbbabea9298e8f
iDEFENSE Security Advisory 2007-04-03.4
Posted Apr 5, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System font information file parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of the "fonts.dir" font information file. When the element count on the first line of the file specifies it contains more than 1,073,741,824 (2 to the power of 30) elements, a potentially exploitable heap overflow condition occurs. iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2007-1352
SHA-256 | d95f5eb5f4a2fafa2a559d05262d2b4aad07530980018d5f6c4989c5110b0426
Ubuntu Security Notice 448-1
Posted Apr 5, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 448-1 - Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | db2d0709dc9ce1e0901c0f8411756dd6f54fb3dd1dd76b940a08a73e2da41185
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close