ID CVE-2004-0106
Summary Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
References
Vulnerable Configurations
  • cpe:2.3:a:xfree86_project:x11r6:4.1.0
  • cpe:2.3:a:xfree86_project:x11r6:4.1.11
  • cpe:2.3:a:xfree86_project:x11r6:4.1.12
  • cpe:2.3:a:xfree86_project:x11r6:4.2.0
  • cpe:2.3:a:xfree86_project:x11r6:4.2.1
  • cpe:2.3:a:xfree86_project:x11r6:4.2.1:-:errata
  • cpe:2.3:a:xfree86_project:x11r6:4.3.0
  • OpenBSD 3.3
    cpe:2.3:o:openbsd:openbsd:3.3
  • OpenBSD 3.4
    cpe:2.3:o:openbsd:openbsd:3.4
CVSS
Base: 7.2 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector  Complexity  Authentication
  LOCAL   LOW         NONE
Impact
  Confidentiality  Integrity  Availability
  COMPLETE         COMPLETE   COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2004_006.NASL
    description The remote host is missing the patch for the advisory SuSE-SA:2004:006 (xf86/XFree86). XFree86 is an open source X Window System implementation that acts as a client-server-based API between different hardware components like display, mouse, keyboard and so on. Several buffer overflows were found in the fontfile code that handles a user-supplied 'fonts.alias' file. The file is processed with root privileges and therefore a successful exploitation of these bugs leads to local root access. There is no known workaround. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, to apply the update use the command 'rpm -Fhv file.rpm'.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 13824
    published 2004-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13824
    title SuSE-SA:2004:006: xf86/XFree86
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-060.NASL
    description Updated XFree86 packages that fix a privilege escalation vulnerability are now available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0083 and CVE-2004-0084 to these issues. Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0106 to these issues. All users of XFree86 are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues. Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12465
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12465
    title RHEL 2.1 : XFree86 (RHSA-2004:060)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-012.NASL
    description Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing of the font.alias file. The X server, which runs as root, fails to check the length of user-provided input; as a result a malicious user could craft a malformed font.alias file causing a buffer overflow upon parsing, which could eventually lead to the execution of arbitrary code. Additional vulnerabilities were found by David Dawes, also in the reading of font files. The updated packages have a patch from David Dawes to correct these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14112
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14112
    title Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:012)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-043-02.NASL
    description New XFree86 base packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix overflows which could possibly be exploited to gain unauthorized root access. All sites running XFree86 should upgrade to the new package.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 18771
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18771
    title Slackware 8.1 / 9.0 / 9.1 / current : XFree86 security update (SSA:2004-043-02)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_XFREE86_SERVER_430_13.NASL
    description The following package needs to be updated: XFree86-Server
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 12625
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12625
    title FreeBSD : Buffer overflows in XFree86 servers (206)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-061.NASL
    description Updated XFree86 packages that fix a privilege escalation vulnerability are now available. [Update 16 February 2004] Erratum filelist has been modified for x86_64 and s390x only so that the correct multi-lib packages are available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0083 and CVE-2004-0084 to these issues. Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0106 to these issues. All users of XFree86 are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues. Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12466
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12466
    title RHEL 3 : XFree86 (RHSA-2004:061)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-443.NASL
    description A number of vulnerabilities have been discovered in XFree86. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2004-0083 : Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CAN-2004-0084. - CAN-2004-0084 : Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CAN-2004-0083. - CAN-2004-0106 : Miscellaneous additional flaws in XFree86's handling of font files. - CAN-2003-0690 : xdm does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. - CAN-2004-0093, CAN-2004-0094 : Denial-of-service attacks against the X server by clients using the GLX extension and Direct Rendering Infrastructure are possible due to unchecked client data (out-of-bounds array indexes [CAN-2004-0093] and integer signedness errors [CAN-2004-0094]). Exploitation of CAN-2004-0083, CAN-2004-0084, CAN-2004-0106, CAN-2004-0093 and CAN-2004-0094 would require a connection to the X server. By default, display managers in Debian start the X server with a configuration which only accepts local connections, but if the configuration is changed to allow remote connections, or X servers are started by other means, then these bugs could be exploited remotely. Since the X server usually runs with root privileges, these bugs could potentially be exploited to gain root privileges. No attack vector for CAN-2003-0690 is known at this time.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15280
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15280
    title Debian DSA-443-1 : xfree86 - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3837F4625D6B11D880E30020ED76EF5A.NASL
    description A number of buffer overflows were recently discovered in XFree86, prompted by initial discoveries by iDEFENSE. These buffer overflows are present in the font alias handling. An attacker with authenticated access to a running X server may exploit these vulnerabilities to obtain root privileges on the machine running the X server.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37616
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37616
    title FreeBSD : Buffer overflows in XFree86 servers (3837f462-5d6b-11d8-80e3-0020ed76ef5a)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BF2E7483D3FA440D8C6E8F1F2F018818.NASL
    description Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 19106
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19106
    title FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)
oval via4
  • accepted 2013-04-29T04:11:35.380-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
    family unix
    id oval:org.mitre.oval:def:11111
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
    version 23
  • accepted 2007-04-25T19:52:47.539-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
    family unix
    id oval:org.mitre.oval:def:809
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title XFree86 Font File Handling Vulnerability
    version 34
  • accepted 2007-04-25T19:52:58.024-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
    family unix
    id oval:org.mitre.oval:def:832
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title XFree86 Improper Handling of Font Files
    version 34
redhat via4
advisories
  • rhsa
    id RHSA-2004:059
  • rhsa
    id RHSA-2004:060
  • rhsa
    id RHSA-2004:061
refmap via4
conectiva CLA-2004:821
debian DSA-443
fedora FLSA:2314
mandrake MDKSA-2004:012
slackware SSA:2004-043
suse SuSE-SA:2004:006
xf xfree86-multiple-font-improper-handling(15206)
Last major update 17-10-2016 - 22:40
Published 03-03-2004 - 00:00
Last modified 10-10-2017 - 21:29