Vulnerabilities > CVE-2002-1317 - Remote Buffer Overrun vulnerability in Multiple Vendor X Font Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 | |
| OS | 14 | |
| OS | 7 | |
| OS | 11 |
Nessus
| NASL family | Gain a shell remotely |
| NASL id | XFS_OVERFLOW.NASL |
| description | The remote X Font Service (xfs) is affected by a buffer overflow. An attacker may use this flaw to gain shell access on the remote host as |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11188 |
| published | 2002-12-04 |
| reporter | This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/11188 |
| title | X Font Service Crafted XFS Query Remote Overflow |
Oval
accepted 2010-09-20T04:00:12.919-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. family unix id oval:org.mitre.oval:def:149 status accepted submitted 2003-09-08T12:00:00.000-04:00 title Solaris 8 X Font Server Remote Buffer Overrun version 37 accepted 2010-09-20T04:00:14.407-04:00 class vulnerability contributors name David Proulx organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. family unix id oval:org.mitre.oval:def:152 status accepted submitted 2003-09-08T12:00:00.000-04:00 title Solaris 7 X Font Server Remote Buffer Overrun version 37 accepted 2010-09-20T04:00:21.086-04:00 class vulnerability contributors name Brian Soby organization The MITRE Corporation name Todd Dolinsky organization Opsware, Inc. name Jonathan Baker organization The MITRE Corporation
description Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query. family unix id oval:org.mitre.oval:def:2816 status accepted submitted 2005-01-19T12:00:00.000-04:00 title XFS Dispatch() Buffer Overflow version 38
References
- ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
- http://marc.info/?l=bugtraq&m=103825150527843&w=2
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
- http://www.cert.org/advisories/CA-2002-34.html
- http://www.ciac.org/ciac/bulletins/n-024.shtml
- http://www.iss.net/security_center/static/10375.php
- http://www.kb.cert.org/vuls/id/312313
- http://www.securityfocus.com/advisories/4988
- http://www.securityfocus.com/bid/6241
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816