Vulnerabilities > CVE-2003-0625 - Off-by-one Error vulnerability in Hadrons Xfstt
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | xfstt 1.2/1.4 Unspecified Memory Disclosure Vulnerability. CVE-2003-0625 . Dos exploit for linux platform |
id | EDB-ID:22952 |
last seen | 2016-02-02 |
modified | 2003-07-23 |
published | 2003-07-23 |
reporter | V9 |
source | https://www.exploit-db.com/download/22952/ |
title | xfstt 1.2/1.4 Unspecified Memory Disclosure Vulnerability |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-360.NASL |
description | xfstt, a TrueType font server for the X window system was found to contain two classes of vulnerabilities : CAN-2003-0581: a remote attacker could send requests crafted to trigger any of several buffer overruns, causing a denial of service or possibly executing arbitrary code on the server with the privileges of the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15197 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15197 |
title | Debian DSA-360-1 : xfstt - several vulnerabilities |
References
- http://developer.berlios.de/forum/forum.php?forum_id=2819
- http://developer.berlios.de/forum/forum.php?forum_id=2819
- http://marc.info/?l=bugtraq&m=105941103709264&w=2
- http://marc.info/?l=bugtraq&m=105941103709264&w=2
- http://www.debian.org/security/2003/dsa-360
- http://www.debian.org/security/2003/dsa-360
- http://www.securityfocus.com/bid/8255
- http://www.securityfocus.com/bid/8255