|
 |
|
XFree86 Multiple Integer Overflow Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA9651
|
|
|
Release Date:
|
2003-09-02
|
|
Last Update:
|
2003-09-12
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | XFree86 4.3.x
|
| | CVE reference: | CVE-2003-0730 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have been reported in XFree86, which potentially can be exploited by malicious users to escalate their privileges on a vulnerable system or compromise it.
The vulnerabilities are caused due to integer overflows in the XFree86 font libraries. Reportedly, the problem is more specifically in the functions handling the transfer and enumeration of fonts from font servers to clients. Since various input isn't checked sufficiently, it is possible to cause a miscalculation of the required buffer sizes, which may lead to buffer overflows.
A malicious user can exploit this to escalate privileges on a vulnerable system by specifying a malicious font server. A malicious person may potentially also be able to compromise a vulnerable system if either xfs or XServer is running in a non-default configuration acting as a client to a font server.
The vulnerabilities have been reported in version 4.3.0.
Solution:
The vulnerabilities have been fixed in the XFree86 4.3.0.2 CVS version.
Exploitation can also be prevented by removing the XFree86 suid bit and ensuring that xfs and Xserver only include trusted font servers in their font search paths.
Provided and/or discovered by:
blexim, Matthieu Herrb.
Original Advisory:
XFree86 4.3 Branch CVS Change Log:
http://www.xfree86.org/cvs/changes_4_3.html
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
9 Related Secunia Security Advisories
|
|
|
1. XFree86 X Font Server Multiple Vulnerabilities
|
|
2. XFree86 Multiple Vulnerabilities
|
|
3. XFree86 "DBE" and "Render" Extensions Vulnerabilities
|
|
4. XFree86 CID Encoded Fonts Integer Overflows
|
|
5. XFree86 PCF Integer Overflow Vulnerabilities
|
|
6. XFree86 Pixmap Creation Integer Overflow Vulnerability
|
|
7. XFree86 Multiple Vulnerabilities
|
|
8. XFree86 "font.alias" File Parsing Privilege Escalation Vulnerabilities
|
|
9. XFree Weak Session Cookies
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
