ID CVE-2006-1526
Summary Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x11r6:6.7.0
    cpe:2.3:a:x.org:x11r6:6.7.0
  • cpe:2.3:a:x.org:x11r6:6.8
    cpe:2.3:a:x.org:x11r6:6.8
  • cpe:2.3:a:x.org:x11r6:6.8.1
    cpe:2.3:a:x.org:x11r6:6.8.1
  • cpe:2.3:a:x.org:x11r6:6.9
    cpe:2.3:a:x.org:x11r6:6.9
CVSS
Base: 2.1 (as of 03-05-2006 - 11:03)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0451.NASL
    description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces such as GNOME and KDE are designed upon. A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21996
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21996
    title CentOS 4 : xorg-x11 (CESA-2006:0451)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2006-123-01.NASL
    description New xorg and xorg-devel packages are available for Slackware 10.1, 10.2, and -current to fix a security issue. A typo in the X render extension in X.Org 6.8.0 or later allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is 'root'.)
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 21342
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21342
    title Slackware 10.1 / 10.2 / current : xorg server overflow (SSA:2006-123-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-081.NASL
    description A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. Update : Rafael Bermudez noticed that the patch for 2006 was mis-applied. This update resolves that issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21356
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21356
    title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:081-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-280-1.NASL
    description The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21374
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21374
    title Ubuntu 5.04 / 5.10 : xorg vulnerability (USN-280-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0451.NASL
    description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces such as GNOME and KDE are designed upon. A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 21367
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21367
    title RHEL 4 : xorg-x11 (RHSA-2006:0451)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200605-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200605-02 (X.Org: Buffer overflow in XRender extension) X.Org miscalculates the size of a buffer in the XRender extension. Impact : An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21317
    published 2006-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21317
    title GLSA-200605-02 : X.Org: Buffer overflow in XRender extension
oval via4
accepted 2013-04-29T04:23:24.304-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description " instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
family unix
id oval:org.mitre.oval:def:9929
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
version 23
redhat via4
advisories
bugzilla
id 189801
title CVE-2006-1526 X.Org buffer overflow
oval
AND
comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304001
rhsa
id RHSA-2006:0451
released 2006-05-04
severity Important
title RHSA-2006:0451: xorg-x11 security update (Important)
refmap via4
bid 17795
cert-vn VU#633257
confirm https://bugs.freedesktop.org/show_bug.cgi?id=6642
fedora FLSA:190777
gentoo GLSA-200605-02
mandriva MDKSA-2006:081
mlist [xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension
openbsd [3.8] 007: SECURITY FIX: May 2, 2006
sectrack 1016018
secunia
  • 19900
  • 19915
  • 19916
  • 19921
  • 19943
  • 19951
  • 19956
  • 19983
sunalert 102339
suse SUSE-SA:2006:023
trustix 2006-0024
ubuntu USN-280-1
vupen ADV-2006-1617
xf xorg-xrender-bo(26200)
Last major update 07-03-2011 - 21:33
Published 02-05-2006 - 17:06
Last modified 18-10-2018 - 12:33
Back to Top