exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2008-0006

Status Candidate

Overview

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

Related Files

HP Security Bulletin 2008-00.83
Posted Nov 5, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6429, CVE-2008-0006, CVE-2008-1377, CVE-2008-1379
SHA-256 | ced5c6740042c0cd094d009d362b7d7685ebb91d5fe0e017b9aab934a40f69b1
Gentoo Linux Security Advisory 200801-9
Posted Mar 12, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200801-09:03 - The previous version of the X.Org X server (1.3.0.0-r4) did not properly address the integer overflow vulnerability in the MIT-SHM extension (CVE-2007-6429). It failed to check on Pixmaps of certain bit depths. Versions less than 1.3.0.0-r5 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | ec9718e4bc7cbfde57e6fbae71ba194bdc3199ce1bdd7c9822705ba14c88559b
Mandriva Linux Security Advisory 2008-024
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2008-0006
SHA-256 | 1189a55a8aecdeb393eec235b55875de88aa353539a88bdfa0670cc6e24545d2
Mandriva Linux Security Advisory 2008-022
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in xorg-X11.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006, CVE-2007-4730, CVE-2007-5760
SHA-256 | 2690245c14cccd070bbdc7a657598d08fbe2f618754259f55d88d7477ba76ece
Mandriva Linux Security Advisory 2008-021
Posted Jan 25, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities including file verification, memory corruption, information disclosure, integer overflows, and heap overflows were discovered in XFree86.

tags | advisory, overflow, vulnerability, info disclosure
systems | linux, mandriva
advisories | CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 361ca5c5a576c2dead010393dc88fc0b7518b65926bef03bec670799801efe06
Debian Linux Security Advisory 1466-3
Posted Jan 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1466-3 - The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (Sarge) in addition to the fixed packages for Debian stable (Etch), which were provided in DSA 1466-2.

tags | advisory
systems | linux, debian
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 7cf5d67192897942775250970ee137f0418d36a2330262b64f97e3001e0038ef
Gentoo Linux Security Advisory 200801-9
Posted Jan 22, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200801-09 - Multiple vulnerabilities have been discovered in the X.Org X server and Xfont library, allowing for a local privilege escalation and arbitrary code execution. Versions less than 1.3.0.0-r4 are affected.

tags | advisory, arbitrary, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | 7d28a99b610fcc02ab4b414215a56c997828db0b9753eaf6810776b58b6c869f
Ubuntu Security Notice 571-2
Posted Jan 22, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 571-2 - USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

tags | advisory, java, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | fbf38ace466f8679c27a645bf67eedb816d28d94e4c9f155caed68a4b00432cb
Ubuntu Security Notice 571-1
Posted Jan 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 571-1 - Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges.

tags | advisory, overflow, local, root
systems | linux, ubuntu
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | ed802d7374761fc7f216b15cd6a5443aef8801fd64dc5cd436bba1141cfd5934
SUSE-SA-2008-003.txt
Posted Jan 18, 2008
Site suse.com

SUSE Security Announcement - The X windows system is vulnerable to several kinds of vulnerabilities that are caused due to insufficient input validation.

tags | advisory, vulnerability
systems | linux, windows, suse
advisories | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
SHA-256 | db2211cc4f2a6baa5e2ef0ab490f4d619771e3e98a80aaa7ce517e872678b0f7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close