Vulnerabilities > CVE-2012-1699 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

xfree86

CWE-119

nessus

NVD

Published: 2012-12-21

Updated: 2017-09-19

Summary

The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

Vulnerable Configurations

Part	Description	Count
Application	X X X.Org X11 6.0 X X.Org X11 6.1 X X.Org X11 6.3 X X.Org X11 6.4 X X.Org X11 6.5.1 X X.Org X11 6.6	6
Application	Xfree86 Xfree86 Xfree86 3.3.2	1

Common Weakness Enumeration (CWE)

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Overflow Buffers
Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_43202.NASL
description	s700_800 11.23 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access.
last seen	2020-06-01
modified	2020-06-02
plugin id	63443
published	2013-01-09
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63443
title	HP-UX PHSS_43202 : s700_800 11.23 X Font Server Patch
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_43202. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(63443); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-1699"); script_bugtraq_id(57047); script_xref(name:"HP", value:"emr_na-c03557425"); script_name(english:"HP-UX PHSS_43202 : s700_800 11.23 X Font Server Patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03557425 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ebdcfc14" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_43202 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23")) { exit(0, "The host is not affected since PHSS_43202 applies to a different OS release."); } patches = make_list("PHSS_43202"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"X11.X11-FONTSRV", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_43355.NASL
description	s700_800 11.11 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access.
last seen	2020-06-01
modified	2020-06-02
plugin id	63444
published	2013-01-09
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63444
title	HP-UX PHSS_43355 : s700_800 11.11 X Font Server Patch
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_43355. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(63444); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-1699"); script_bugtraq_id(57047); script_xref(name:"HP", value:"emr_na-c03557425"); script_name(english:"HP-UX PHSS_43355 : s700_800 11.11 X Font Server Patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.11 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03557425 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ebdcfc14" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_43355 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/12/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.11")) { exit(0, "The host is not affected since PHSS_43355 applies to a different OS release."); } patches = make_list("PHSS_43355"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"X11.X11-FONTSRV", version:"B.11.11")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	HP-UX Local Security Checks
NASL id	HPUX_PHSS_43134.NASL
description	s700_800 11.31 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access.
last seen	2020-06-01
modified	2020-06-02
plugin id	63442
published	2013-01-09
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/63442
title	HP-UX PHSS_43134 : s700_800 11.31 X Font Server Patch
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_43134. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(63442); script_version("1.5"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2012-1699"); script_bugtraq_id(57047); script_xref(name:"HP", value:"emr_na-c03557425"); script_name(english:"HP-UX PHSS_43134 : s700_800 11.31 X Font Server Patch"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.31 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03557425 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ebdcfc14" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_43134 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.31")) { exit(0, "The host is not affected since PHSS_43134 applies to a different OS release."); } patches = make_list("PHSS_43134"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"X11.X11-FONTSRV", version:"B.11.31")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:hpux_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Oval

accepted

2015-04-20T04:01:11.504-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19369

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Running X Font Server (xfs) Software, Local Denial of Service (DoS), Unauthorized Access

version