CVE-2007-4568 - Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows contex

CVE-2007-4568

Summary

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:x.org:x_font_server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_font_server:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_font_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_font_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_font_server:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x_font_server:1.0.4:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 13-02-2023 - 02:18)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:09:39.211-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10882

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2008:0029
rhsa
id RHSA-2008:0030

rpms

XFree86-0:4.1.0-86.EL
XFree86-0:4.3.0-126.EL
XFree86-100dpi-fonts-0:4.1.0-86.EL
XFree86-100dpi-fonts-0:4.3.0-126.EL
XFree86-75dpi-fonts-0:4.1.0-86.EL
XFree86-75dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-86.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-86.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-86.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-86.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-86.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-86.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
XFree86-Mesa-libGL-0:4.3.0-126.EL
XFree86-Mesa-libGLU-0:4.3.0-126.EL
XFree86-Xnest-0:4.1.0-86.EL
XFree86-Xnest-0:4.3.0-126.EL
XFree86-Xvfb-0:4.1.0-86.EL
XFree86-Xvfb-0:4.3.0-126.EL
XFree86-base-fonts-0:4.3.0-126.EL
XFree86-cyrillic-fonts-0:4.1.0-86.EL
XFree86-cyrillic-fonts-0:4.3.0-126.EL
XFree86-devel-0:4.1.0-86.EL
XFree86-devel-0:4.3.0-126.EL
XFree86-doc-0:4.1.0-86.EL
XFree86-doc-0:4.3.0-126.EL
XFree86-font-utils-0:4.3.0-126.EL
XFree86-libs-0:4.1.0-86.EL
XFree86-libs-0:4.3.0-126.EL
XFree86-libs-data-0:4.3.0-126.EL
XFree86-sdk-0:4.3.0-126.EL
XFree86-syriac-fonts-0:4.3.0-126.EL
XFree86-tools-0:4.1.0-86.EL
XFree86-tools-0:4.3.0-126.EL
XFree86-truetype-fonts-0:4.3.0-126.EL
XFree86-twm-0:4.1.0-86.EL
XFree86-twm-0:4.3.0-126.EL
XFree86-xauth-0:4.3.0-126.EL
XFree86-xdm-0:4.1.0-86.EL
XFree86-xdm-0:4.3.0-126.EL
XFree86-xf86cfg-0:4.1.0-86.EL
XFree86-xfs-0:4.1.0-86.EL
XFree86-xfs-0:4.3.0-126.EL
xorg-x11-0:6.8.2-1.EL.33.0.2
xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
xorg-x11-devel-0:6.8.2-1.EL.33.0.2
xorg-x11-doc-0:6.8.2-1.EL.33.0.2
xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
xorg-x11-libs-0:6.8.2-1.EL.33.0.2
xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
xorg-x11-tools-0:6.8.2-1.EL.33.0.2
xorg-x11-twm-0:6.8.2-1.EL.33.0.2
xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
xorg-x11-xfs-0:6.8.2-1.EL.33.0.2

refmap via4

apple	APPLE-SA-2008-02-11 APPLE-SA-2008-03-18
bid	25898
bugtraq	20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
cert	TA08-043B
confirm	http://bugs.freedesktop.org/show_bug.cgi?id=12298 http://bugs.gentoo.org/show_bug.cgi?id=194606 http://docs.info.apple.com/article.html?artnum=307430 http://docs.info.apple.com/article.html?artnum=307562 https://issues.rpath.com/browse/RPL-1756
debian	DSA-1385
fedora	FEDORA-2007-4263
gentoo	GLSA-200710-11
idefense	20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
mandriva	MDKSA-2007:210
mlist	[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
sectrack	1018763
secunia	27040 27052 27060 27168 27176 27228 27240 27560 28004 28536 28542 28891 29420
sunalert	103114 200642
suse	SUSE-SA:2007:054
vupen	ADV-2007-3337 ADV-2007-3338 ADV-2007-3467 ADV-2008-0495 ADV-2008-0924
xf	xfs-protocol-requests-bo(36919)

statements via4

contributor	Mark J Cox
lastmodified	2007-10-08
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4568 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Last major update

13-02-2023 - 02:18

Published

05-10-2007 - 21:17

Last modified

13-02-2023 - 02:18