CVE-2002-1317 - Remote Buffer Overrun vulnerability in Multiple Vendor X Font Server

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, xfree86-project, sgi, hp, sun, nessus

Summary

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Nessus

NASL family: Gain a shell remotely
NASL id: XFS_OVERFLOW.NASL
description: The remote X Font Service (xfs) is affected by a buffer overflow. An attacker may use this flaw to gain shell access on the remote host as
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11188
published: 2002-12-04
reporter: This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/11188
title: X Font Service Crafted XFS Query Remote Overflow

Oval

  • accepted: 2010-09-20T04:00:12.919-04:00
    class: vulnerability
    contributors:
    • name: David Proulx
      organization: The MITRE Corporation
    • name: Todd Dolinsky
      organization: Opsware, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    description: Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
    family: unix
    id: oval:org.mitre.oval:def:149
    status: accepted
    submitted: 2003-09-08T12:00:00.000-04:00
    title: Solaris 8 X Font Server Remote Buffer Overrun
    version: 37
  • accepted: 2010-09-20T04:00:14.407-04:00
    class: vulnerability
    contributors:
    • name: David Proulx
      organization: The MITRE Corporation
    • name: Todd Dolinsky
      organization: Opsware, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    description: Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
    family: unix
    id: oval:org.mitre.oval:def:152
    status: accepted
    submitted: 2003-09-08T12:00:00.000-04:00
    title: Solaris 7 X Font Server Remote Buffer Overrun
    version: 37
  • accepted: 2010-09-20T04:00:21.086-04:00
    class: vulnerability
    contributors:
    • name: Brian Soby
      organization: The MITRE Corporation
    • name: Todd Dolinsky
      organization: Opsware, Inc.
    • name: Jonathan Baker
      organization: The MITRE Corporation
    description: Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
    family: unix
    id: oval:org.mitre.oval:def:2816
    status: accepted
    submitted: 2005-01-19T12:00:00.000-04:00
    title: XFS Dispatch() Buffer Overflow
    version: 38