Vulnerabilities > CVE-2006-3739 - Integer Overflow vulnerability in X.Org LibXfont CID Font File
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119060 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22985 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22985 title Solaris 10 (x86) : 119060-72 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(22985); script_version("1.54"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2005-2495", "CVE-2005-3099", "CVE-2006-3467", "CVE-2006-3739", "CVE-2007-1667", "CVE-2007-4070", "CVE-2008-5684"); script_name(english:"Solaris 10 (x86) : 119060-72 (deprecated)"); script_summary(english:"Check for patch 119060-72"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119060 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119060-72" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119060 instead.");
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-70.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/12/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107805 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107805 title Solaris 10 (x86) : 119060-70 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107805); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2005-2495", "CVE-2005-3099", "CVE-2006-3467", "CVE-2006-3739", "CVE-2007-1667", "CVE-2007-4070", "CVE-2008-5684"); script_name(english:"Solaris 10 (x86) : 119060-70"); script_summary(english:"Check for patch 119060-70"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119060-70" ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/12/15" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119060-70" ); script_set_attribute(attribute:"solution", value:"Install patch 119060-70 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-1667"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119060"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:121869"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxorg-client-docs", version:"6.8.2.5.10.0110,REV=0.2005.06.21") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwacx", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwfnt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwfs", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwice", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwinc", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwman", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwopt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwplr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwplt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwpmn", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwrtl", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwsrv", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwxst", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxorg-client-docs / SUNWxwacx / SUNWxwfnt / SUNWxwfs / SUNWxwice / etc"); }
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060_45.NASL description X11 6.6.2_x86: Xsun patch. This patch addresses IAVT 2009-T-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 82537 published 2015-04-02 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82537 title Solaris 10 (x86) : 119060-45 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(82537); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id( "CVE-2005-2495", "CVE-2005-3099", "CVE-2006-3467", "CVE-2006-3739", "CVE-2007-1667", "CVE-2007-4070", "CVE-2008-5684" ); script_bugtraq_id( 14807, 18034, 19974, 23300, 32807 ); script_name(english:"Solaris 10 (x86) : 119060-45"); script_summary(english:"Checks for patch 119060-45"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun security patch number 119060-45." ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: Xsun patch. This patch addresses IAVT 2009-T-0001." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119060-45" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwsrv", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwplr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwrtl", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwice", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwfs", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwxst", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwinc", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwfnt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwpmn", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxorg-client-docs", version:"6.8.2.5.10.0110,REV=0.2005.06.21") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwplt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwopt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwacx", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwman", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-SERVER-2062.NASL description This update fixes an integer overflow vulnerability when rendering CID-keyed fonts. (CVE-2006-3739 / CVE-2006-3740) last seen 2020-06-01 modified 2020-06-02 plugin id 29605 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29605 title SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2062) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29605); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2006-3739", "CVE-2006-3740"); script_name(english:"SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2062)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes an integer overflow vulnerability when rendering CID-keyed fonts. (CVE-2006-3739 / CVE-2006-3740)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3739.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3740.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2062."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"xorg-x11-server-6.9.0-50.24")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"xorg-x11-server-6.9.0-50.24")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-74.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/04/19 last seen 2020-06-01 modified 2020-06-02 plugin id 130508 published 2019-11-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130508 title Solaris 10 (sparc) : 119059-74 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-64.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Sep/12/13 last seen 2020-06-01 modified 2020-06-02 plugin id 107801 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107801 title Solaris 10 (x86) : 119060-64 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_124833.NASL description X11 6.6.1_x86: font patch. Date this patch was last updated by Sun : May/03/07 last seen 2020-06-01 modified 2020-06-02 plugin id 24862 published 2007-03-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24862 title Solaris 9 (x86) : 124833-02 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-07.NASL description The remote host is affected by the vulnerability described in GLSA-200609-07 (LibXfont, monolithic X.org: Multiple integer overflows) Several integer overflows have been found in the CID font parser. Impact : A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the execution of arbitrary code with the permissions of the user running the X server which typically is the root user. A local user could exploit this vulnerability to gain elevated privileges. Workaround : Disable CID-encoded Type 1 fonts by removing the last seen 2020-06-01 modified 2020-06-02 plugin id 22352 published 2006-09-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22352 title GLSA-200609-07 : LibXfont, monolithic X.org: Multiple integer overflows NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-164.NASL description Local exploitation of an integer overflow vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 23908 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23908 title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0665.NASL description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported two integer overflow flaws in the way the X.org server processed CID font files. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-3739, CVE-2006-3740) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22346 published 2006-09-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22346 title RHEL 4 : xorg-x11 (RHSA-2006:0665) NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-65.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Sep/12/13 last seen 2020-06-01 modified 2020-06-02 plugin id 107299 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107299 title Solaris 10 (sparc) : 119059-65 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-66.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Mar/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107300 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107300 title Solaris 10 (sparc) : 119059-66 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-72.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Mar/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107304 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107304 title Solaris 10 (sparc) : 119059-72 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-73.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/04/19 last seen 2020-06-01 modified 2020-06-02 plugin id 130510 published 2019-11-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130510 title Solaris 10 (x86) : 119060-73 NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-SERVER-2056.NASL description This update fixes an integer overflow vulnerability when rendering CID-keyed fonts (CVE-2006-3739/CVE-2006-3740). last seen 2020-06-01 modified 2020-06-02 plugin id 27494 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27494 title openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2056) NASL family Solaris Local Security Checks NASL id SOLARIS10_119059_46.NASL description X11 6.6.2: Xsun patch. This patch addresses IAVT 2009-T-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 82536 published 2015-04-02 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82536 title Solaris 10 (sparc) : 119059-46 NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-259-01.NASL description New x11 (X.Org) packages are available for Slackware 10.2, and -current to fix security issues due to overflows in font parsing. last seen 2020-06-01 modified 2020-06-02 plugin id 22420 published 2006-09-22 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22420 title Slackware 10.2 / current : x11 (SSA:2006-259-01) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0666.NASL description Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported two integer overflow flaws in the way the XFree86 server processed CID font files. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-3739, CVE-2006-3740) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22347 published 2006-09-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22347 title RHEL 2.1 / 3 : XFree86 (RHSA-2006:0666) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-344-1.NASL description iDefense security researchers found several integer overflows in X.org last seen 2020-06-01 modified 2020-06-02 plugin id 27923 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27923 title Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerabilities (USN-344-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-69.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107804 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107804 title Solaris 10 (x86) : 119060-69 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0665.NASL description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported two integer overflow flaws in the way the X.org server processed CID font files. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-3739, CVE-2006-3740) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22339 published 2006-09-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22339 title CentOS 4 : xorg-x11 (CESA-2006:0665) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-68.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107803 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107803 title Solaris 10 (x86) : 119060-68 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-65.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Mar/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107802 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107802 title Solaris 10 (x86) : 119060-65 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0665.NASL description From Red Hat Security Advisory 2006:0665 : Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported two integer overflow flaws in the way the X.org server processed CID font files. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-3739, CVE-2006-3740) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67407 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67407 title Oracle Linux 4 : xorg-x11 (ELSA-2006-0665) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1193.NASL description Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3467 Chris Evan discovered an integer overflow in the code to handle PCF fonts, which might lead to denial of service if a malformed font is opened. - CVE-2006-3739 It was discovered that an integer overflow in the code to handle Adobe Font Metrics might lead to the execution of arbitrary code. - CVE-2006-3740 It was discovered that an integer overflow in the code to handle CMap and CIDFont font data might lead to the execution of arbitrary code. - CVE-2006-4447 The XFree86 initialization code performs insufficient checking of the return value of setuid() when dropping privileges, which might lead to local privilege escalation. last seen 2020-06-01 modified 2020-06-02 plugin id 22734 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22734 title Debian DSA-1193-1 : xfree86 - several vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_119059.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119059 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22952 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22952 title Solaris 10 (sparc) : 119059-73 (deprecated) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0666.NASL description Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported two integer overflow flaws in the way the XFree86 server processed CID font files. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-3739, CVE-2006-3740) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22340 published 2006-09-14 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22340 title CentOS 3 : XFree86 (CESA-2006:0666) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-71.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Mar/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107806 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107806 title Solaris 10 (x86) : 119060-71 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-69.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107301 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107301 title Solaris 10 (sparc) : 119059-69 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-71.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/12/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107303 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107303 title Solaris 10 (sparc) : 119059-71 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-70.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107302 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107302 title Solaris 10 (sparc) : 119059-70
Oval
accepted | 2013-04-29T04:04:27.296-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:10305 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||||||
rpms |
|
References
- http://secunia.com/advisories/21864
- http://secunia.com/advisories/21889
- http://secunia.com/advisories/21890
- http://secunia.com/advisories/21894
- http://secunia.com/advisories/21900
- http://secunia.com/advisories/21904
- http://secunia.com/advisories/21908
- http://secunia.com/advisories/21924
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/22141
- http://secunia.com/advisories/22332
- http://secunia.com/advisories/22560
- http://secunia.com/advisories/23033
- http://secunia.com/advisories/23899
- http://secunia.com/advisories/24636
- http://security.gentoo.org/glsa/glsa-200609-07.xml
- http://securitytracker.com/id?1016828
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
- http://www.debian.org/security/2006/dsa-1193
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.redhat.com/support/errata/RHSA-2006-0665.html
- http://www.redhat.com/support/errata/RHSA-2006-0666.html
- http://www.securityfocus.com/archive/1/445812/100/0/threaded
- http://www.securityfocus.com/archive/1/464268/100/0/threaded
- http://www.securityfocus.com/bid/19974
- http://www.ubuntu.com/usn/usn-344-1
- http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
- http://www.vupen.com/english/advisories/2006/3581
- http://www.vupen.com/english/advisories/2006/3582
- http://www.vupen.com/english/advisories/2007/0322
- http://www.vupen.com/english/advisories/2007/1171
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28899
- https://issues.rpath.com/browse/RPL-614
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305