ID CVE-2006-3739
Summary Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:xfree86_project:xfree86_x:*:*:*:*:*:*:*:*
    cpe:2.3:a:xfree86_project:xfree86_x:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 17-10-2018 - 21:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:04:27.296-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:10305
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
version 29
redhat via4
advisories
  • rhsa
    id RHSA-2006:0665
  • rhsa
    id RHSA-2006:0666
rpms
  • xorg-x11-0:6.8.2-1.EL.13.37.2
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.2
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.2
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.2
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.2
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.2
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.2
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.2
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.2
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.2
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.2
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.2
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.2
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.2
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.2
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.2
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.2
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.2
  • XFree86-0:4.3.0-113.EL
  • XFree86-100dpi-fonts-0:4.3.0-113.EL
  • XFree86-75dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-113.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-113.EL
  • XFree86-Mesa-libGL-0:4.3.0-113.EL
  • XFree86-Mesa-libGLU-0:4.3.0-113.EL
  • XFree86-Xnest-0:4.3.0-113.EL
  • XFree86-Xvfb-0:4.3.0-113.EL
  • XFree86-base-fonts-0:4.3.0-113.EL
  • XFree86-cyrillic-fonts-0:4.3.0-113.EL
  • XFree86-devel-0:4.3.0-113.EL
  • XFree86-doc-0:4.3.0-113.EL
  • XFree86-font-utils-0:4.3.0-113.EL
  • XFree86-libs-0:4.3.0-113.EL
  • XFree86-libs-data-0:4.3.0-113.EL
  • XFree86-sdk-0:4.3.0-113.EL
  • XFree86-syriac-fonts-0:4.3.0-113.EL
  • XFree86-tools-0:4.3.0-113.EL
  • XFree86-truetype-fonts-0:4.3.0-113.EL
  • XFree86-twm-0:4.3.0-113.EL
  • XFree86-xauth-0:4.3.0-113.EL
  • XFree86-xdm-0:4.3.0-113.EL
  • XFree86-xfs-0:4.3.0-113.EL
refmap via4
bid 19974
bugtraq
  • 20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
  • 20070330 VMSA-2007-0002 VMware ESX security updates
confirm
debian DSA-1193
gentoo GLSA-200609-07
idefense 20060912 Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow Vulnerability
mandriva MDKSA-2006:164
sectrack 1016828
secunia
  • 21864
  • 21889
  • 21890
  • 21894
  • 21900
  • 21904
  • 21908
  • 21924
  • 22080
  • 22141
  • 22332
  • 22560
  • 23033
  • 23899
  • 24636
sunalert
  • 102714
  • 102780
suse SUSE-SR:2006:023
ubuntu USN-344-1
vupen
  • ADV-2006-3581
  • ADV-2006-3582
  • ADV-2007-0322
  • ADV-2007-1171
xf xorg-server-cidafm-overflow(28899)
Last major update 17-10-2018 - 21:29
Published 13-09-2006 - 01:07
Last modified 17-10-2018 - 21:29
Back to Top