Vulnerabilities > CVE-2015-1803 - Local Denial of Service vulnerability in X.Org libXfont 'bitmap/bdfread.c'
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 4 | |
| OS | 1 | |
| Application | X
| 25 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-4199.NASL description libXfont 1.5.1 (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-23 plugin id 81994 published 2015-03-23 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81994 title Fedora 22 : libXfont-1.5.1-1.fc22 (2015-4199) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-4199. # include("compat.inc"); if (description) { script_id(81994); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804"); script_bugtraq_id(73277, 73279, 73280); script_xref(name:"FEDORA", value:"2015-4199"); script_name(english:"Fedora 22 : libXfont-1.5.1-1.fc22 (2015-4199)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "libXfont 1.5.1 (CVE-2015-1802, CVE-2015-1803, CVE-2015-1804) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3750b299" ); script_set_attribute( attribute:"solution", value:"Update the affected libXfont package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libXfont"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC22", reference:"libXfont-1.5.1-1.fc22")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2536-1.NASL description Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81951 published 2015-03-19 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81951 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : libxfont vulnerabilities (USN-2536-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2536-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(81951); script_version("1.11"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804"); script_bugtraq_id(73277); script_xref(name:"USN", value:"2536-1"); script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : libxfont vulnerabilities (USN-2536-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Ilja van Sprundel, Alan Coopersmith, and William Robinet discovered that libXfont incorrectly handled malformed bdf fonts. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2536-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libxfont1 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfont1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(10\.04|12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 14.04 / 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"10.04", pkgname:"libxfont1", pkgver:"1:1.4.1-1ubuntu0.4")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libxfont1", pkgver:"1:1.4.4-1ubuntu0.3")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libxfont1", pkgver:"1:1.4.7-1ubuntu0.2")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"libxfont1", pkgver:"1:1.4.99.901-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxfont1"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-183.NASL description Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont last seen 2020-03-17 modified 2015-03-30 plugin id 82300 published 2015-03-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82300 title Debian DLA-183-1 : libxfont security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-183-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82300); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804"); script_bugtraq_id(73277, 73279, 73280); script_name(english:"Debian DLA-183-1 : libxfont security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/03/msg00020.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/libxfont" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfont-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfont1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfont1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfont1-udeb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"libxfont-dev", reference:"1:1.4.1-5+deb6u1")) flag++; if (deb_check(release:"6.0", prefix:"libxfont1", reference:"1:1.4.1-5+deb6u1")) flag++; if (deb_check(release:"6.0", prefix:"libxfont1-dbg", reference:"1:1.4.1-5+deb6u1")) flag++; if (deb_check(release:"6.0", prefix:"libxfont1-udeb", reference:"1:1.4.1-5+deb6u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3194.NASL description Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont last seen 2020-03-17 modified 2015-03-18 plugin id 81900 published 2015-03-18 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81900 title Debian DSA-3194-1 : libxfont - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3194. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(81900); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804"); script_bugtraq_id(73277, 73279, 73280); script_xref(name:"DSA", value:"3194"); script_name(english:"Debian DSA-3194-1 : libxfont - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Ilja van Sprundel, Alan Coopersmith and William Robinet discovered multiple issues in libxfont's code to process BDF fonts, which might result in privilege escalation." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/libxfont" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3194" ); script_set_attribute( attribute:"solution", value: "Upgrade the libxfont packages. For the stable distribution (wheezy), these problems have been fixed in version 1.4.5-5." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libxfont"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"libxfont-dev", reference:"1.4.5-5")) flag++; if (deb_check(release:"7.0", prefix:"libxfont1", reference:"1.4.5-5")) flag++; if (deb_check(release:"7.0", prefix:"libxfont1-dbg", reference:"1.4.5-5")) flag++; if (deb_check(release:"7.0", prefix:"libxfont1-udeb", reference:"1.4.5-5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-597.NASL description An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802) An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804) A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803) last seen 2020-06-01 modified 2020-06-02 plugin id 86075 published 2015-09-23 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86075 title Amazon Linux AMI : libXfont (ALAS-2015-597) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-597. # include("compat.inc"); if (description) { script_id(86075); script_version("2.2"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804"); script_xref(name:"ALAS", value:"2015-597"); script_xref(name:"RHSA", value:"2015:1708"); script_name(english:"Amazon Linux AMI : libXfont (ALAS-2015-597)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802) An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804) A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-597.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update libXfont' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/09/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"libXfont-1.4.5-5.12.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libXfont-debuginfo-1.4.5-5.12.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"libXfont-devel-1.4.5-5.12.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-debuginfo / libXfont-devel"); }NASL family Misc. NASL id ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2015_CPU.NASL description The Oracle Secure Global Desktop installed on the remote host is version 4.63 / 4.71 / 5.1 / 5.2. It is, therefore, affected by the following vulnerabilities : - A security bypass vulnerability exists in Kerberos 5 due to a failure to properly determine the acceptability of checksums. A remote attacker can exploit this to forge tokens or gain privileges by using an unkeyed checksum. (CVE-2010-1324) - A NULL pointer deference flaw exists in the function bdfReadCharacters() in file bdfread.c of the X.Org libXfont module due to improper handling of non-readable character bitmaps. An authenticated, remote attacker, using a crafted BDF font file, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2015-1803) - An out-of-bounds read/write error exists in the SProcXFixesSelectSelectionInput() function in the XFixes extension. A remote, authenticated attacker, using a crafted length value, can exploit this to cause a denial of service or execute arbitrary code. (CVE-2014-8102) - A remote attacker, by using a crafted string length value in an XkbSetGeometry request, can gain access to sensitive information from process memory or cause a denial of service. (CVE-2015-0255) - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A denial of service vulnerability exists in Apache Tomcat due to improper handling of HTTP responses that occurs before finishing reading an entire request body. A remote attacker can exploit this by using a crafted series of aborted upload attempts. (CVE-2014-0230) - A denial of service vulnerability exists in Apache Tomcat in ChunkedInputFilter.java due to improper handling of attempts to read data after an error has occurred. A remote attacker can exploit this by streaming data with malformed chunked-transfer encoding. (CVE-2014-0227) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - An unspecified flaw exists that is related to the JServer subcomponent. A remote attacker can exploit this to impact confidentiality and integrity. No further details have been provided. (CVE-2015-2581) last seen 2020-06-01 modified 2020-06-02 plugin id 84795 published 2015-07-16 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84795 title Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-266.NASL description libXFont was updated to fix three vulnerabilities when parsing BDF files (bnc#921978) As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server. The following vulnerabilities were fixed : - The BDF parser could allocate the a wrong buffer size, leading to out of bound writes (CVE-2015-1802) - The BDF parser could crash when trying to read an invalid pointer (CVE-2015-1803) - The BDF parser could read 32 bit metrics values into 16 bit integers, causing an out-of-bound memory access though integer overflow (CVE-2015-1804) last seen 2020-06-05 modified 2015-03-30 plugin id 82424 published 2015-03-30 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82424 title openSUSE Security Update : libXfont (openSUSE-2015-266) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1708.NASL description From Red Hat Security Advisory 2015:1708 : An updated libXfont package that fixes three security issues is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802) An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804) A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803) All libXfont users are advised to upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85780 published 2015-09-04 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85780 title Oracle Linux 6 / 7 : libXfont (ELSA-2015-1708) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F7D79FACCD4911E4898FBCAEC565249C.NASL description Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF font files. As libXfont is used by the X server to read font files, and an unprivileged user with access to the X server can tell the X server to read a given font file from a path of their choosing, these vulnerabilities have the potential to allow unprivileged users to run code with the privileges of the X server (often root access). last seen 2020-06-01 modified 2020-06-02 plugin id 81901 published 2015-03-18 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81901 title FreeBSD : libXfont -- BDF parsing issues (f7d79fac-cd49-11e4-898f-bcaec565249c) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201507-21.NASL description The remote host is affected by the vulnerability described in GLSA-201507-21 (libXfont: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 84935 published 2015-07-23 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84935 title GLSA-201507-21 : libXfont: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1708.NASL description An updated libXfont package that fixes three security issues is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802) An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804) A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803) All libXfont users are advised to upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 85973 published 2015-09-17 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85973 title RHEL 6 / 7 : libXfont (RHSA-2015:1708) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0120.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-1802: missing range check in bdfReadProperties (bug 1258892) - CVE-2015-1803: crash on invalid read in bdfReadCharacters (bug 1258892) - CVE-2015-1804: out-of-bounds memory access in bdfReadCharacters (bug 1258892) last seen 2020-06-01 modified 2020-06-02 plugin id 85784 published 2015-09-04 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85784 title OracleVM 3.3 : libXfont (OVMSA-2015-0120) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-145.NASL description Updated libxfont packages fix security vulnerabilities : Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges (CVE-2014-0209). Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially crafted data that could cause libXfont to crash, or possibly execute arbitrary code (CVE-2014-0210, CVE-2014-0211). The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes (CVE-2015-1802). If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer (CVE-2015-1803). The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access (CVE-2015-1804). last seen 2020-06-01 modified 2020-06-02 plugin id 82398 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82398 title Mandriva Linux Security Advisory : libxfont (MDVSA-2015:145-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-4230.NASL description Security fix for CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-03-25 plugin id 82057 published 2015-03-25 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82057 title Fedora 21 : libXfont-1.5.1-1.fc21 (2015-4230) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1708.NASL description An updated libXfont package that fixes three security issues is now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libXfont package provides the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802) An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804) A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803) All libXfont users are advised to upgrade to this updated package, which contains backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86506 published 2015-10-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86506 title CentOS 6 / 7 : libXfont (CESA-2015:1708) NASL family Scientific Linux Local Security Checks NASL id SL_20150903_LIBXFONT_ON_SL6_X.NASL description An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1802) An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server. (CVE-2015-1804) A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server. (CVE-2015-1803) last seen 2020-03-18 modified 2015-09-04 plugin id 85788 published 2015-09-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85788 title Scientific Linux Security Update : libXfont on SL6.x, SL7.x i386/x86_64 (20150903) NASL family SuSE Local Security Checks NASL id SUSE_11_XORG-X11-DEVEL-150317.NASL description LibXFont was updated to fix security problems that could be used by local attackers to gain X server privileges (root). The following security issues have been fixed : - The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. (CVE-2015-1802) - If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. (CVE-2015-1803) - The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access. (CVE-2015-1804) last seen 2020-06-01 modified 2020-06-02 plugin id 82641 published 2015-04-08 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82641 title SuSE 11.3 Security Update : xorg-x11-libs (SAT Patch Number 10487)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://advisories.mageia.org/MGASA-2015-0113.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152497.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152838.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-1708.html
- http://www.debian.org/security/2015/dsa-3194
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:145
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/73280
- http://www.securitytracker.com/id/1031935
- http://www.ubuntu.com/usn/USN-2536-1
- http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/
- https://security.gentoo.org/glsa/201507-21