Vulnerabilities > CVE-2014-0209 - Numeric Errors vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-3964.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-27 plugin id 82279 published 2015-03-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82279 title Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-3964. # include("compat.inc"); if (description) { script_id(82279); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2015-3964"); script_name(english:"Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs's four-digit version string. Thanks to Nito Martinez from TheQVD project! - Fix unowned directories - Minor cleanup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152878.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?98af766f" ); script_set_attribute( attribute:"solution", value:"Update the affected nx-libs package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nx-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"nx-libs-3.5.0.29-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nx-libs"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-404.NASL description Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. last seen 2020-06-01 modified 2020-06-02 plugin id 78347 published 2014-10-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78347 title Amazon Linux AMI : libXfont (ALAS-2014-404) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-404. # include("compat.inc"); if (description) { script_id(78347); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"); script_xref(name:"ALAS", value:"2014-404"); script_name(english:"Amazon Linux AMI : libXfont (ALAS-2014-404)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-404.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update libXfont' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"libXfont-1.4.5-3.9.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libXfont-debuginfo-1.4.5-3.9.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libXfont-devel-1.4.5-3.9.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-debuginfo / libXfont-devel"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-391.NASL description libxfont was updated to fix multiple vulnerabilities : - Integer overflow of allocations in font metadata file parsing (CVE-2014-0209). - Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210). - Integer overflows calculating memory needs for xfs replies (CVE-2014-0211). These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server. last seen 2020-06-05 modified 2014-06-13 plugin id 75371 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75371 title openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-391. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75371); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"); script_bugtraq_id(67382); script_name(english:"openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)"); script_summary(english:"Check for the openSUSE-2014-391 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "libxfont was updated to fix multiple vulnerabilities : - Integer overflow of allocations in font metadata file parsing (CVE-2014-0209). - Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210). - Integer overflows calculating memory needs for xfs replies (CVE-2014-0211). These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=857544" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libXfont packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"libXfont-debugsource-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libXfont-devel-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libXfont1-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE12.3", reference:"libXfont1-debuginfo-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont1-32bit-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.5-4.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libXfont-debugsource-1.4.6-2.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libXfont-devel-1.4.6-2.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libXfont1-1.4.6-2.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libXfont1-debuginfo-1.4.6-2.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.6-2.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont1-32bit-1.4.6-2.8.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.6-2.8.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-132.NASL description Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211). last seen 2020-06-01 modified 2020-06-02 plugin id 76440 published 2014-07-10 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76440 title Mandriva Linux Security Advisory : libxfont (MDVSA-2014:132) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:132. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(76440); script_version("1.4"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"); script_bugtraq_id(67382); script_xref(name:"MDVSA", value:"2014:132"); script_name(english:"Mandriva Linux Security Advisory : libxfont (MDVSA-2014:132)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0278.html" ); script_set_attribute( attribute:"solution", value: "Update the affected lib64xfont1, lib64xfont1-devel and / or lib64xfont1-static-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-static-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xfont1-1.4.5-2.2.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xfont1-devel-1.4.5-2.2.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xfont1-static-devel-1.4.5-2.2.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_11_XORG-X11-DEVEL-140515.NASL description xorg-x11-libs was patched to fix the following security issues : - Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) - libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) - Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/00243 1.html . last seen 2020-06-05 modified 2014-06-11 plugin id 74463 published 2014-06-11 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74463 title SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 9272) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(74463); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"); script_name(english:"SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 9272)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "xorg-x11-libs was patched to fix the following security issues : - Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) - libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) - Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/00243 1.html ." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=857544" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0209.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0210.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2014-0211.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9272."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-libs-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3"); flag = 0; if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xorg-x11-libs-7.4-8.26.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-7.4-8.26.42.1")) flag++; if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, reference:"xorg-x11-libs-7.4-8.26.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"xorg-x11-libs-32bit-7.4-8.26.42.1")) flag++; if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.42.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2211-1.NASL description Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 74022 published 2014-05-15 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74022 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2211-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(74022); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"); script_bugtraq_id(67382); script_xref(name:"USN", value:"2211-1"); script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2211-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libxfont1 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfont1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|12\.04|12\.10|13\.10|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 12.10 / 13.10 / 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"libxfont1", pkgver:"1:1.4.1-1ubuntu0.3")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libxfont1", pkgver:"1:1.4.4-1ubuntu0.2")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"libxfont1", pkgver:"1:1.4.5-2ubuntu0.12.10.2")) flag++; if (ubuntu_check(osver:"13.10", pkgname:"libxfont1", pkgver:"1:1.4.6-1ubuntu0.2")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libxfont1", pkgver:"1:1.4.7-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxfont1"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B060EE50DABA11E399F2BCAEC565249C.NASL description Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org last seen 2020-06-01 modified 2020-06-02 plugin id 74004 published 2014-05-14 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74004 title FreeBSD : libXfont -- X Font Service Protocol and Font metadata file handling issues (b060ee50-daba-11e3-99f2-bcaec565249c) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0080.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) - CVE-2013-6462.patch: sscanf overflow (bug 1049684) - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684) last seen 2020-06-01 modified 2020-06-02 plugin id 79557 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79557 title OracleVM 3.3 : libXfont (OVMSA-2014-0080) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1870.NASL description From Red Hat Security Advisory 2014:1870 : Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79371 published 2014-11-21 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79371 title Oracle Linux 6 / 7 : libXfont (ELSA-2014-1870) NASL family Fedora Local Security Checks NASL id FEDORA_2015-3948.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-27 plugin id 82278 published 2015-03-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82278 title Fedora 21 : nx-libs-3.5.0.29-1.fc21 (2015-3948) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1893.NASL description From Red Hat Security Advisory 2014:1893 : Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79424 published 2014-11-25 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79424 title Oracle Linux 5 : libXfont (ELSA-2014-1893) NASL family Fedora Local Security Checks NASL id FEDORA_2014-8208.NASL description - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-07-16 plugin id 76514 published 2014-07-16 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76514 title Fedora 20 : libXfont-1.4.8-1.fc20 (2014-8208) NASL family Scientific Linux Local Security Checks NASL id SL_20141124_LIBXFONT_ON_SL5_X.NASL description A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-11-25 plugin id 79427 published 2014-11-25 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79427 title Scientific Linux Security Update : libXfont on SL5.x i386/x86_64 (20141124) NASL family Fedora Local Security Checks NASL id FEDORA_2014-8223.NASL description - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-07-23 plugin id 76693 published 2014-07-23 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76693 title Fedora 19 : libXfont-1.4.8-1.fc19 (2014-8223) NASL family Fedora Local Security Checks NASL id FEDORA_2015-3953.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-23 plugin id 81988 published 2015-03-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81988 title Fedora 22 : nx-libs-3.5.0.29-1.fc22 (2015-3953) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-145.NASL description Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211). The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes (CVE-2015-1802). If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer (CVE-2015-1803). The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access (CVE-2015-1804). last seen 2020-06-01 modified 2020-06-02 plugin id 82398 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82398 title Mandriva Linux Security Advisory : libxfont (MDVSA-2015:145-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1893.NASL description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79563 published 2014-11-26 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79563 title CentOS 5 : libXfont (CESA-2014:1893) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1893.NASL description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79425 published 2014-11-25 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79425 title RHEL 5 : libXfont (RHSA-2014:1893) NASL family Scientific Linux Local Security Checks NASL id SL_20141118_LIBXFONT_ON_SL6_X.NASL description A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect. last seen 2020-03-18 modified 2014-11-19 plugin id 79330 published 2014-11-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79330 title Scientific Linux Security Update : libXfont on SL6.x, SL7.x i386/srpm/x86_64 (20141118) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1870.NASL description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79313 published 2014-11-19 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79313 title CentOS 6 / 7 : libXfont (CESA-2014:1870) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-11.NASL description The remote host is affected by the vulnerability described in GLSA-201406-11 (libXfont: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could use a specially crafted file to gain privileges, cause a Denial of Service condition or possibly execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 82003 published 2015-03-24 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82003 title GLSA-201406-11 : libXfont: Multiple vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS11_XORG_20141107_2.NASL description The remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. (CVE-2014-0209) - Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. (CVE-2014-0210) - Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. (CVE-2014-0211) last seen 2020-06-01 modified 2020-06-02 plugin id 80823 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80823 title Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1870.NASL description Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79327 published 2014-11-19 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79327 title RHEL 6 / 7 : libXfont (RHSA-2014:1870) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2927.NASL description Ilja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server. - CVE-2014-0209 Integer overflow of allocations in font metadata file parsing could allow a local user who is already authenticated to the X server to overwrite other memory in the heap. - CVE-2014-0210 libxfont does not validate length fields when parsing xfs protocol replies allowing to write past the bounds of allocated memory when storing the returned data from the font server. - CVE-2014-0211 Integer overflows calculating memory needs for xfs replies could result in allocating too little memory and then writing the returned data from the font server past the end of the allocated buffer. last seen 2020-03-17 modified 2014-05-14 plugin id 73997 published 2014-05-14 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73997 title Debian DSA-2927-1 : libxfont - security update
Redhat
advisories |
| ||||
rpms |
|
References
- http://advisories.mageia.org/MGASA-2014-0278.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html
- http://lists.x.org/archives/xorg-announce/2014-May/002431.html
- http://rhn.redhat.com/errata/RHSA-2014-1893.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/59154
- http://www.debian.org/security/2014/dsa-2927
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/67382
- http://www.ubuntu.com/usn/USN-2211-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html