ID CVE-2006-6102
Summary Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x.org:6.8.2
    cpe:2.3:a:x.org:x.org:6.8.2
  • cpe:2.3:a:x.org:x.org:6.9.0
    cpe:2.3:a:x.org:x.org:6.9.0
  • cpe:2.3:a:x.org:x.org:7.0
    cpe:2.3:a:x.org:x.org:7.0
  • cpe:2.3:a:x.org:x.org:7.1
    cpe:2.3:a:x.org:x.org:7.1
  • cpe:2.3:a:xfree86_project:xfree86_x_server
    cpe:2.3:a:xfree86_project:xfree86_x_server
CVSS
Base: 10.0 (as of 10-01-2007 - 10:09)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XORG-X11-SERVER-2453.NASL
    description This update fixes memory corruptions in the ProcRenderAddGlyphs()/ ProcDbeGetVisualInfo()/ProcDbeSwapBuffers() functions (CVE-2006-6101/ CVE-2006-6102/CVE-2006-6103).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27495
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27495
    title openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2453)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0003.NASL
    description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24023
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24023
    title CentOS 4 : xorg-x11 (CESA-2007:0003)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0002.NASL
    description Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24009
    published 2007-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24009
    title RHEL 2.1 / 3 : XFree86 (RHSA-2007:0002)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_36452.NASL
    description s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26156
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26156
    title HP-UX PHSS_36452 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XORG-X11-SERVER-2449.NASL
    description X server: ProcRenderAddGlyphs Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcRenderAddGlyphs() function (CVE-2006-6101). X server: ProcDbeGetVisualInfo Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeGetVisualInfo() function (CVE-2006-6102). X server: ProcDbeSwapBuffers Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeSwapBuffers() function. (CVE-2006-6103)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29606
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29606
    title SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2449)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-066-02.NASL
    description New x11 packages are available for Slackware 10.2 and 11.0.
    last seen 2018-09-01
    modified 2018-08-09
    plugin id 24788
    published 2007-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24788
    title Slackware 10.2 / 11.0 : x11 (SSA:2007-066-02)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0003.NASL
    description From Red Hat Security Advisory 2007:0003 : Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67435
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67435
    title Oracle Linux 4 : xorg-x11 (ELSA-2007-0003)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0003.NASL
    description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24010
    published 2007-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24010
    title RHEL 4 : xorg-x11 (RHSA-2007:0003)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-403-1.NASL
    description The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27991
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27991
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : xorg, xorg-server vulnerabilities (USN-403-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0002.NASL
    description From Red Hat Security Advisory 2007:0002 : Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67434
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67434
    title Oracle Linux 3 : XFree86 (ELSA-2007-0002)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1249.NASL
    description Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6101 Sean Larsson discovered an integer overflow in the Render extension, which might lead to denial of service or local privilege escalation. - CVE-2006-6102 Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation. - CVE-2006-6103 Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 24026
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24026
    title Debian DSA-1249-1 : xfree86 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-005.NASL
    description Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86 : Local exploitation of a memory corruption vulnerability in the 'ProcRenderAddGlyphs()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6101) Local exploitation of a memory corruption vulnerability in the 'ProcDbeGetVisualInfo()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6102) Local exploitation of a memory corruption vulnerability in the 'ProcDbeSwapBuffers()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6103) Updated packages are patched to address these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24621
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24621
    title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:005)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_36123.NASL
    description s700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26150
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26150
    title HP-UX PHSS_36123 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-25 (X.Org X server: Multiple vulnerabilities) Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Impact : A local attacker could execute arbitrary code with the privileges of the user running the X server, typically root. Workaround : Disable the DBE extension by removing the 'Load dbe' directive in the Module section of xorg.conf, and explicitly disable the Render extension with ' Option 'RENDER' 'disable' ' in the Extensions section. Note: This could affect the functionality of some applications.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24310
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24310
    title GLSA-200701-25 : X.Org X server: Multiple vulnerabilities
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_34389.NASL
    description s700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS).
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 26141
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26141
    title HP-UX PHSS_34389 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0002.NASL
    description Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24005
    published 2007-01-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24005
    title CentOS 3 : XFree86 (CESA-2007:0002)
oval via4
accepted 2013-04-29T04:23:57.195-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
family unix
id oval:org.mitre.oval:def:9991
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2007:0002
  • rhsa
    id RHSA-2007:0003
rpms
  • XFree86-0:4.3.0-115.EL
  • XFree86-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-Mesa-libGL-0:4.3.0-115.EL
  • XFree86-Mesa-libGLU-0:4.3.0-115.EL
  • XFree86-Xnest-0:4.3.0-115.EL
  • XFree86-Xvfb-0:4.3.0-115.EL
  • XFree86-base-fonts-0:4.3.0-115.EL
  • XFree86-cyrillic-fonts-0:4.3.0-115.EL
  • XFree86-devel-0:4.3.0-115.EL
  • XFree86-doc-0:4.3.0-115.EL
  • XFree86-font-utils-0:4.3.0-115.EL
  • XFree86-libs-0:4.3.0-115.EL
  • XFree86-libs-data-0:4.3.0-115.EL
  • XFree86-sdk-0:4.3.0-115.EL
  • XFree86-syriac-fonts-0:4.3.0-115.EL
  • XFree86-tools-0:4.3.0-115.EL
  • XFree86-truetype-fonts-0:4.3.0-115.EL
  • XFree86-twm-0:4.3.0-115.EL
  • XFree86-xauth-0:4.3.0-115.EL
  • XFree86-xdm-0:4.3.0-115.EL
  • XFree86-xfs-0:4.3.0-115.EL
  • xorg-x11-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.5
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.5
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.5
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.5
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.5
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.5
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.5
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.5
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.5
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.5
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.5
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.5
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.5
refmap via4
bid 21968
confirm
debian DSA-1249
gentoo GLSA-200701-25
hp
  • HPSBUX02225
  • SSRT071295
idefense 20070109 Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability
mandriva MDKSA-2007:005
mlist [x-org announce] 20070109 X.Org Security Advisory: multiple integer overflows in dbe and render extensions
netbsd NetBSD-SA2007-002
osvdb 32085
sectrack 1017495
secunia
  • 23633
  • 23670
  • 23684
  • 23689
  • 23698
  • 23705
  • 23758
  • 23789
  • 23966
  • 24168
  • 24210
  • 24247
  • 24401
  • 25802
slackware SSA:2007-066-02
sunalert 102803
suse SUSE-SA:2007:008
ubuntu USN-403-1
vupen
  • ADV-2007-0108
  • ADV-2007-0109
  • ADV-2007-0589
  • ADV-2007-0669
  • ADV-2007-2233
xf xorg-xserver-dbe-overflow(31376)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-12-2016 - 22:00
Published 31-12-2006 - 00:00
Last modified 10-10-2017 - 21:31
Back to Top