Vulnerabilities > CVE-2014-0210 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
x
canonical
CWE-119
nessus

Summary

Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3964.NASL
    descriptionUpdate to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs
    last seen2020-06-05
    modified2015-03-27
    plugin id82279
    published2015-03-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82279
    titleFedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-3964.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82279);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_xref(name:"FEDORA", value:"2015-3964");
    
      script_name(english:"Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 3.5.0.29 :
    
      - further reduction of code size by Mike Gabriel
    
        - ~/.x2go/config/keystrokes.cfg,
          /etc/x2go/keystrokes.cfg and
          /etc/nxagent/keystrokes.cfg are now respected thanks
          to Horst Schirmeier
    
      - security fixes for CVE-2011-2895, CVE-2011-4028,
        CVE-2013-4396, CVE-2013-6462, CVE-2014-0209,
        CVE-2014-0210, CVE-2014-0211, CVE-2014-8092,
        CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
        CVE-2014-8099, CVE-2014-8100, CVE-2014-8102,
        CVE-2014-8101, CVE-2014-8093, CVE-2014-8098,
        CVE-2015-0255 by Michael DePaulo
    
      - other (build) bug fixes
    
    Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt
    applications when Xfixes extension is enabled in NX. Thanks to Ulrich
    Sibiller! o Adapt X11 launchd socket path for recent Mac OS X
    versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on
    systems that had dpkg-dev installed) and all RPM based distros. o
    Partly make nxcomp aware of nx-libs's four-digit version string.
    Thanks to Nito Martinez from TheQVD project!
    
      - Fix unowned directories
    
        - Minor cleanup
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152878.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?98af766f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nx-libs package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nx-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"nx-libs-3.5.0.29-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nx-libs");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-404.NASL
    descriptionMultiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
    last seen2020-06-01
    modified2020-06-02
    plugin id78347
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78347
    titleAmazon Linux AMI : libXfont (ALAS-2014-404)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-404.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78347);
      script_version("1.3");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211");
      script_xref(name:"ALAS", value:"2014-404");
    
      script_name(english:"Amazon Linux AMI : libXfont (ALAS-2014-404)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple integer overflows in the (1) fs_get_reply, (2)
    fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org
    libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font
    servers to execute arbitrary code via a crafted xfs reply, which
    triggers a buffer overflow.
    
    Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x
    before 1.4.99.901 allow remote font servers to execute arbitrary code
    via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2)
    fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,
    (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info
    function.
    
    Multiple integer overflows in the (1) FontFileAddEntry and (2)
    lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before
    1.4.99.901 might allow local users to gain privileges by adding a
    directory with a large fonts.dir or fonts.alias file to the font path,
    which triggers a heap-based buffer overflow, related to metadata."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-404.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update libXfont' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"libXfont-1.4.5-3.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libXfont-debuginfo-1.4.5-3.9.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libXfont-devel-1.4.5-3.9.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-debuginfo / libXfont-devel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-391.NASL
    descriptionlibxfont was updated to fix multiple vulnerabilities : - Integer overflow of allocations in font metadata file parsing (CVE-2014-0209). - Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210). - Integer overflows calculating memory needs for xfs replies (CVE-2014-0211). These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server.
    last seen2020-06-05
    modified2014-06-13
    plugin id75371
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75371
    titleopenSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-391.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75371);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211");
      script_bugtraq_id(67382);
    
      script_name(english:"openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)");
      script_summary(english:"Check for the openSUSE-2014-391 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libxfont was updated to fix multiple vulnerabilities :
    
      - Integer overflow of allocations in font metadata file
        parsing (CVE-2014-0209).
    
      - Unvalidated length fields when parsing xfs protocol
        replies (CVE-2014-0210).
    
      - Integer overflows calculating memory needs for xfs
        replies (CVE-2014-0211).
    
    These vulnerabilities could be used by a local, authenticated user to
    raise privileges or by a remote attacker with control of the font
    server to execute code with the privileges of the X server."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=857544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libXfont packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont-debugsource-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont-devel-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont1-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont1-debuginfo-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont1-32bit-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.5-4.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont-debugsource-1.4.6-2.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont-devel-1.4.6-2.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont1-1.4.6-2.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont1-debuginfo-1.4.6-2.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.6-2.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont1-32bit-1.4.6-2.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.6-2.8.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-132.NASL
    descriptionUpdated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211).
    last seen2020-06-01
    modified2020-06-02
    plugin id76440
    published2014-07-10
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76440
    titleMandriva Linux Security Advisory : libxfont (MDVSA-2014:132)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:132. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76440);
      script_version("1.4");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211");
      script_bugtraq_id(67382);
      script_xref(name:"MDVSA", value:"2014:132");
    
      script_name(english:"Mandriva Linux Security Advisory : libxfont (MDVSA-2014:132)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libxfont packages fix security vulnerabilities :
    
    Ilja van Sprundel discovered that libXfont incorrectly handled font
    metadata file parsing. A local attacker could use this issue to cause
    libXfont to crash, or possibly execute arbitrary code in order to gain
    privileges (CVE-2014-0209).
    
    Ilja van Sprundel discovered that libXfont incorrectly handled X Font
    Server replies. A malicious font server could return specially crafted
    data that could cause libXfont to crash, or possibly execute arbitrary
    code (CVE-2014-0210, CVE-2014-0211)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0278.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected lib64xfont1, lib64xfont1-devel and / or
    lib64xfont1-static-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-static-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xfont1-1.4.5-2.2.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xfont1-devel-1.4.5-2.2.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64xfont1-static-devel-1.4.5-2.2.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XORG-X11-DEVEL-140515.NASL
    descriptionxorg-x11-libs was patched to fix the following security issues : - Integer overflow of allocations in font metadata file parsing. (CVE-2014-0209) - libxfont not validating length fields when parsing xfs protocol replies. (CVE-2014-0210) - Integer overflows causing miscalculating memory needs for xfs replies. (CVE-2014-0211) Further information is available at http://lists.x.org/archives/xorg-announce/2014-May/00243 1.html .
    last seen2020-06-05
    modified2014-06-11
    plugin id74463
    published2014-06-11
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74463
    titleSuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 9272)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74463);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211");
    
      script_name(english:"SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 9272)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "xorg-x11-libs was patched to fix the following security issues :
    
      - Integer overflow of allocations in font metadata file
        parsing. (CVE-2014-0209)
    
      - libxfont not validating length fields when parsing xfs
        protocol replies. (CVE-2014-0210)
    
      - Integer overflows causing miscalculating memory needs
        for xfs replies. (CVE-2014-0211) Further information is
        available at
        http://lists.x.org/archives/xorg-announce/2014-May/00243
        1.html ."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=857544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-0209.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-0210.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-0211.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9272.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xorg-x11-libs-7.4-8.26.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-7.4-8.26.42.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"xorg-x11-libs-7.4-8.26.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"xorg-x11-libs-32bit-7.4-8.26.42.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.42.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2211-1.NASL
    descriptionIlja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. (CVE-2014-0209) Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74022
    published2014-05-15
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74022
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2211-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74022);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211");
      script_bugtraq_id(67382);
      script_xref(name:"USN", value:"2211-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ilja van Sprundel discovered that libXfont incorrectly handled font
    metadata file parsing. A local attacker could use this issue to cause
    libXfont to crash, or possibly execute arbitrary code in order to gain
    privileges. (CVE-2014-0209)
    
    Ilja van Sprundel discovered that libXfont incorrectly handled X Font
    Server replies. A malicious font server could return specially crafted
    data that could cause libXfont to crash, or possibly execute arbitrary
    code. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS,
    Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2211-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxfont1 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfont1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|12\.04|12\.10|13\.10|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 12.10 / 13.10 / 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libxfont1", pkgver:"1:1.4.1-1ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libxfont1", pkgver:"1:1.4.4-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"libxfont1", pkgver:"1:1.4.5-2ubuntu0.12.10.2")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"libxfont1", pkgver:"1:1.4.6-1ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libxfont1", pkgver:"1:1.4.7-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxfont1");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B060EE50DABA11E399F2BCAEC565249C.NASL
    descriptionAlan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered several issues in the way the libXfont library handles the responses it receives from xfs servers, and has worked with X.Org
    last seen2020-06-01
    modified2020-06-02
    plugin id74004
    published2014-05-14
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74004
    titleFreeBSD : libXfont -- X Font Service Protocol and Font metadata file handling issues (b060ee50-daba-11e3-99f2-bcaec565249c)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0080.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) - CVE-2013-6462.patch: sscanf overflow (bug 1049684) - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684)
    last seen2020-06-01
    modified2020-06-02
    plugin id79557
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79557
    titleOracleVM 3.3 : libXfont (OVMSA-2014-0080)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1870.NASL
    descriptionFrom Red Hat Security Advisory 2014:1870 : Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79371
    published2014-11-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79371
    titleOracle Linux 6 / 7 : libXfont (ELSA-2014-1870)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3948.NASL
    descriptionUpdate to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs
    last seen2020-06-05
    modified2015-03-27
    plugin id82278
    published2015-03-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82278
    titleFedora 21 : nx-libs-3.5.0.29-1.fc21 (2015-3948)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1893.NASL
    descriptionFrom Red Hat Security Advisory 2014:1893 : Updated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79424
    published2014-11-25
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79424
    titleOracle Linux 5 : libXfont (ELSA-2014-1893)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-8208.NASL
    description - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-07-16
    plugin id76514
    published2014-07-16
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76514
    titleFedora 20 : libXfont-1.4.8-1.fc20 (2014-8208)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141124_LIBXFONT_ON_SL5_X.NASL
    descriptionA use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-03-18
    modified2014-11-25
    plugin id79427
    published2014-11-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79427
    titleScientific Linux Security Update : libXfont on SL5.x i386/x86_64 (20141124)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-8223.NASL
    description - libXfont 1.4.8 (rhbz#1100441) - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (rhbz#1097397) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-07-23
    plugin id76693
    published2014-07-23
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76693
    titleFedora 19 : libXfont-1.4.8-1.fc19 (2014-8223)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3953.NASL
    descriptionUpdate to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs
    last seen2020-06-05
    modified2015-03-23
    plugin id81988
    published2015-03-23
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81988
    titleFedora 22 : nx-libs-3.5.0.29-1.fc22 (2015-3953)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2015-145.NASL
    descriptionUpdated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211). The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes (CVE-2015-1802). If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer (CVE-2015-1803). The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access (CVE-2015-1804).
    last seen2020-06-01
    modified2020-06-02
    plugin id82398
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82398
    titleMandriva Linux Security Advisory : libxfont (MDVSA-2015:145-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1893.NASL
    descriptionUpdated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79563
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79563
    titleCentOS 5 : libXfont (CESA-2014:1893)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1893.NASL
    descriptionUpdated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79425
    published2014-11-25
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79425
    titleRHEL 5 : libXfont (RHSA-2014:1893)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141118_LIBXFONT_ON_SL6_X.NASL
    descriptionA use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-03-18
    modified2014-11-19
    plugin id79330
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79330
    titleScientific Linux Security Update : libXfont on SL6.x, SL7.x i386/srpm/x86_64 (20141118)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1870.NASL
    descriptionUpdated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79313
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79313
    titleCentOS 6 / 7 : libXfont (CESA-2014:1870)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201406-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201406-11 (libXfont: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could use a specially crafted file to gain privileges, cause a Denial of Service condition or possibly execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id82003
    published2015-03-24
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82003
    titleGLSA-201406-11 : libXfont: Multiple vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_XORG_20141107_2.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. (CVE-2014-0209) - Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. (CVE-2014-0210) - Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. (CVE-2014-0211)
    last seen2020-06-01
    modified2020-06-02
    plugin id80823
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80823
    titleOracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1870.NASL
    descriptionUpdated libXfont packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A use-after-free flaw was found in the way libXfont processed certain font files when attempting to add a new directory to the font path. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0209) Multiple out-of-bounds write flaws were found in the way libXfont parsed replies received from an X.org font server. A malicious X.org server could cause an X client to crash or, possibly, execute arbitrary code with the privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211) Red Hat would like to thank the X.org project for reporting these issues. Upstream acknowledges Ilja van Sprundel as the original reporter. Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id79327
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79327
    titleRHEL 6 / 7 : libXfont (RHSA-2014:1870)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2927.NASL
    descriptionIlja van Sprundel of IOActive discovered several security issues in the X.Org libXfont library, which may allow a local, authenticated user to attempt to raise privileges; or a remote attacker who can control the font server to attempt to execute code with the privileges of the X server. - CVE-2014-0209 Integer overflow of allocations in font metadata file parsing could allow a local user who is already authenticated to the X server to overwrite other memory in the heap. - CVE-2014-0210 libxfont does not validate length fields when parsing xfs protocol replies allowing to write past the bounds of allocated memory when storing the returned data from the font server. - CVE-2014-0211 Integer overflows calculating memory needs for xfs replies could result in allocating too little memory and then writing the returned data from the font server past the end of the allocated buffer.
    last seen2020-03-17
    modified2014-05-14
    plugin id73997
    published2014-05-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73997
    titleDebian DSA-2927-1 : libxfont - security update

Redhat

advisories
rhsa
idRHSA-2014:1893
rpms
  • libXfont-0:1.4.5-4.el6_6
  • libXfont-0:1.4.7-2.el7_0
  • libXfont-debuginfo-0:1.4.5-4.el6_6
  • libXfont-debuginfo-0:1.4.7-2.el7_0
  • libXfont-devel-0:1.4.5-4.el6_6
  • libXfont-devel-0:1.4.7-2.el7_0
  • libXfont-0:1.2.2-1.0.6.el5_11
  • libXfont-debuginfo-0:1.2.2-1.0.6.el5_11
  • libXfont-devel-0:1.2.2-1.0.6.el5_11