Vulnerabilities > CVE-2007-4568 - Numeric Errors vulnerability in X.Org X Font Server 1.0.1/1.0.2/1.0.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1385.NASL description Sean Larsson discovered that two code paths inside the X Font Server handle integer values insecurely, which may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 26976 published 2007-10-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26976 title Debian DSA-1385-1 : xfs - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1385. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(26976); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2007-4568"); script_xref(name:"DSA", value:"1385"); script_name(english:"Debian DSA-1385-1 : xfs - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Sean Larsson discovered that two code paths inside the X Font Server handle integer values insecurely, which may lead to the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2007/dsa-1385" ); script_set_attribute( attribute:"solution", value: "Upgrade the xfs packages. For the oldstable distribution (sarge) this problem has been fixed in version 4.3.0.dfsg.1-14sarge5 of xfree86. Packages for m68k are not yet available. They will be provided later. For the stable distribution (etch) this problem has been fixed in version 1.0.1-7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_cwe_id(119, 189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"lbxproxy", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libdps-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libdps1", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libdps1-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libice-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libice6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libice6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libsm-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libsm6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libsm6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libx11-6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libx11-6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libx11-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxaw6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxaw6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxaw6-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxaw7", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxaw7-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxaw7-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxext-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxext6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxext6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxft1", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxft1-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxi-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxi6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxi6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxmu-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxmu6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxmu6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxmuu-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxmuu1", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxmuu1-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxp-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxp6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxp6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxpm-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxpm4", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxpm4-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxrandr-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxrandr2", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxrandr2-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxt-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxt6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxt6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxtrap-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxtrap6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxtrap6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxtst-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxtst6", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxtst6-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxv-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxv1", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"libxv1-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"pm-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"proxymngr", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"twm", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"x-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"x-window-system", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"x-window-system-core", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"x-window-system-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xbase-clients", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xdm", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-100dpi", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-100dpi-transcoded", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-75dpi", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-75dpi-transcoded", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-base", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-base-transcoded", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-cyrillic", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfonts-scalable", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfree86-common", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfs", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xfwp", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-dri", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-dri-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-gl", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-gl-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-gl-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-glu", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-glu-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa-glu-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa3", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibmesa3-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibosmesa-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibosmesa4", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibosmesa4-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs-data", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs-pic", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs-static-dev", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xlibs-static-pic", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xmh", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xnest", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xserver-common", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xserver-xfree86", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xserver-xfree86-dbg", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xspecs", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xterm", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xutils", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"3.1", prefix:"xvfb", reference:"4.3.0.dfsg.1-14sarge5")) flag++; if (deb_check(release:"4.0", prefix:"xfs", reference:"1.0.1-7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family MacOS X Local Security Checks NASL id MACOSX_10_5_2.NASL description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.2. Mac OS X 10.5.2 contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 30255 published 2008-02-12 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30255 title Mac OS X 10.5.x < 10.5.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-4485.NASL description This update fixes the following issues : X Font Server build_range() Integer Overflow Vulnerability [IDEF2708] (CVE-2007-4989), X Font Server swap_char2b() Heap Overflow Vulnerability [IDEF2709] (CVE-2007-4990), Composite extension buffer overflow. (CVE-2007-4730) last seen 2020-06-01 modified 2020-06-02 plugin id 29603 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29603 title SuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4485) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0029.NASL description From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 67634 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67634 title Oracle Linux 3 : XFree86 (ELSA-2008-0029) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0029.NASL description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 30022 published 2008-01-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30022 title CentOS 3 : XFree86 (CESA-2008:0029) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-002.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 31605 published 2008-03-19 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31605 title Mac OS X Multiple Vulnerabilities (Security Update 2008-002) NASL family Scientific Linux Local Security Checks NASL id SL_20080118_XFREE86_ON_SL3.NASL description Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 60349 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60349 title Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64 NASL family Scientific Linux Local Security Checks NASL id SL_20080117_XORG_X11_ON_SL4_X.NASL description Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 60347 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60347 title Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-210.NASL description Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. (CVE-2007-4568) The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. (CVE-2007-4990) Updated package fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27817 published 2007-11-07 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27817 title Mandrake Linux Security Advisory : xfs (MDKSA-2007:210) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0030.NASL description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 30002 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30002 title RHEL 4 : xorg-x11 (RHSA-2008:0030) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0030.NASL description From Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 67635 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67635 title Oracle Linux 4 : xorg-x11 (ELSA-2008-0030) NASL family Fedora Local Security Checks NASL id FEDORA_2007-4263.NASL description - Bug #373261 - CVE-2007-4568 xfs integer overflow in the build_range function [f7] - Bug #373331 - CVE-2007-4990 xfs heap overflow in the swap_char2b function [f7] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29278 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29278 title Fedora 7 : xorg-x11-xfs-1.0.5-1.fc7 (2007-4263) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A5F667DB759611DC8B7A0019B944B34E.NASL description Matthieu Herrb reports : Problem Description : Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their last seen 2020-06-01 modified 2020-06-02 plugin id 26939 published 2007-10-09 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26939 title FreeBSD : xfs -- multiple vulnerabilities (a5f667db-7596-11dc-8b7a-0019b944b34e) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200710-11.NASL description The remote host is affected by the vulnerability described in GLSA-200710-11 (X Font Server: Multiple Vulnerabilities) iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file (CVE-2007-3103). Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling last seen 2020-06-01 modified 2020-06-02 plugin id 27046 published 2007-10-15 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27046 title GLSA-200710-11 : X Font Server: Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0030.NASL description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 43667 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43667 title CentOS 4 : xorg-x11 (CESA-2008:0030) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0029.NASL description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 30001 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30001 title RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-001.NASL description The remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-001 applied. This update contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 30254 published 2008-02-12 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30254 title Mac OS X Multiple Vulnerabilities (Security Update 2008-001)
Oval
accepted | 2013-04-29T04:09:39.211-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:10882 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2007-10-08 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4568 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
- http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
- https://issues.rpath.com/browse/RPL-1756
- http://bugs.freedesktop.org/show_bug.cgi?id=12298
- http://bugs.gentoo.org/show_bug.cgi?id=194606
- http://www.debian.org/security/2007/dsa-1385
- http://security.gentoo.org/glsa/glsa-200710-11.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
- http://www.novell.com/linux/security/advisories/2007_54_xorg.html
- http://www.securityfocus.com/bid/25898
- http://www.securitytracker.com/id?1018763
- http://secunia.com/advisories/27040
- http://secunia.com/advisories/27052
- http://secunia.com/advisories/27060
- http://secunia.com/advisories/27168
- http://secunia.com/advisories/27176
- http://secunia.com/advisories/27240
- http://secunia.com/advisories/27560
- http://secunia.com/advisories/27228
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
- http://secunia.com/advisories/28004
- http://www.redhat.com/support/errata/RHSA-2008-0029.html
- http://www.redhat.com/support/errata/RHSA-2008-0030.html
- http://secunia.com/advisories/28536
- http://secunia.com/advisories/28542
- http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
- http://docs.info.apple.com/article.html?artnum=307430
- http://www.us-cert.gov/cas/techalerts/TA08-043B.html
- http://secunia.com/advisories/28891
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://secunia.com/advisories/29420
- http://www.vupen.com/english/advisories/2007/3338
- http://www.vupen.com/english/advisories/2007/3337
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/0495/references
- http://www.vupen.com/english/advisories/2007/3467
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36919
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10882
- http://www.securityfocus.com/archive/1/481432/100/0/threaded