ID CVE-2007-4990
Summary The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:x.org:x_font_server:1.0.4
    cpe:2.3:a:x.org:x_font_server:1.0.4
CVSS
Base: 7.5 (as of 08-10-2007 - 15:17)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-11 (X Font Server: Multiple Vulnerabilities) iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file (CVE-2007-3103). Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling 'QueryXBitmaps' and 'QueryXExtents' protocol requests (CVE-2007-4568). Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests (CVE-2007-4990). Impact : The first issue would allow a local attacker to change permissions of arbitrary files to be world-writable by performing a symlink attack. The second and third issues would allow a local attacker to execute arbitrary code with privileges of the user running the X Font Server, usually xfs. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 27046
    published 2007-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27046
    title GLSA-200710-11 : X Font Server: Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-4263.NASL
    description - Bug #373261 - CVE-2007-4568 xfs integer overflow in the build_range function [f7] - Bug #373331 - CVE-2007-4990 xfs heap overflow in the swap_char2b function [f7] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 29278
    published 2007-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29278
    title Fedora 7 : xorg-x11-xfs-1.0.5-1.fc7 (2007-4263)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080117_XORG_X11_ON_SL4_X.NASL
    description Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60347
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60347
    title Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0030.NASL
    description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30002
    published 2008-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30002
    title RHEL 4 : xorg-x11 (RHSA-2008:0030)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0029.NASL
    description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30001
    published 2008-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30001
    title RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-210.NASL
    description Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. (CVE-2007-4568) The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. (CVE-2007-4990) Updated package fixes these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27817
    published 2007-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27817
    title Mandrake Linux Security Advisory : xfs (MDKSA-2007:210)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0030.NASL
    description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43667
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43667
    title CentOS 4 : xorg-x11 (CESA-2008:0030)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_37225.NASL
    description s700_800 11.23 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 30046
    published 2008-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30046
    title HP-UX PHSS_37225 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0029.NASL
    description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30022
    published 2008-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30022
    title CentOS 3 : XFree86 (CESA-2008:0029)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_37224.NASL
    description s700_800 11.11 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 30045
    published 2008-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30045
    title HP-UX PHSS_37224 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_37226.NASL
    description s700_800 11.31 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 30047
    published 2008-01-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30047
    title HP-UX PHSS_37226 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XORG-X11-4485.NASL
    description This update fixes the following issues : X Font Server build_range() Integer Overflow Vulnerability [IDEF2708] (CVE-2007-4989), X Font Server swap_char2b() Heap Overflow Vulnerability [IDEF2709] (CVE-2007-4990), Composite extension buffer overflow. (CVE-2007-4730)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29603
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29603
    title SuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4485)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0029.NASL
    description From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67634
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67634
    title Oracle Linux 3 : XFree86 (ELSA-2008-0029)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080118_XFREE86_ON_SL3.NASL
    description Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60349
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60349
    title Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0030.NASL
    description From Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67635
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67635
    title Oracle Linux 4 : xorg-x11 (ELSA-2008-0030)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
oval via4
accepted 2013-04-29T04:14:53.412-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
family unix
id oval:org.mitre.oval:def:11599
status accepted
submitted 2010-07-09T03:56:16-04:00
title The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2008:0029
  • rhsa
    id RHSA-2008:0030
rpms
  • XFree86-0:4.3.0-126.EL
  • XFree86-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-Mesa-libGL-0:4.3.0-126.EL
  • XFree86-Mesa-libGLU-0:4.3.0-126.EL
  • XFree86-Xnest-0:4.3.0-126.EL
  • XFree86-Xvfb-0:4.3.0-126.EL
  • XFree86-base-fonts-0:4.3.0-126.EL
  • XFree86-cyrillic-fonts-0:4.3.0-126.EL
  • XFree86-devel-0:4.3.0-126.EL
  • XFree86-doc-0:4.3.0-126.EL
  • XFree86-font-utils-0:4.3.0-126.EL
  • XFree86-libs-0:4.3.0-126.EL
  • XFree86-libs-data-0:4.3.0-126.EL
  • XFree86-sdk-0:4.3.0-126.EL
  • XFree86-syriac-fonts-0:4.3.0-126.EL
  • XFree86-tools-0:4.3.0-126.EL
  • XFree86-truetype-fonts-0:4.3.0-126.EL
  • XFree86-twm-0:4.3.0-126.EL
  • XFree86-xauth-0:4.3.0-126.EL
  • XFree86-xdm-0:4.3.0-126.EL
  • XFree86-xfs-0:4.3.0-126.EL
  • xorg-x11-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-doc-0:6.8.2-1.EL.33.0.2
  • xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
  • xorg-x11-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
  • xorg-x11-tools-0:6.8.2-1.EL.33.0.2
  • xorg-x11-twm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xfs-0:6.8.2-1.EL.33.0.2
refmap via4
apple APPLE-SA-2008-03-18
bid 25898
bugtraq 20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
confirm
fedora FEDORA-2007-4263
gentoo GLSA-200710-11
hp
  • HPSBUX02303
  • SSRT071468
idefense 20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
mandriva MDKSA-2007:210
mlist [xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
sectrack 1018763
secunia
  • 27040
  • 27052
  • 27060
  • 27176
  • 27228
  • 27240
  • 27560
  • 28004
  • 28514
  • 28536
  • 28542
  • 29420
sunalert
  • 103114
  • 200642
suse SUSE-SA:2007:054
vupen
  • ADV-2007-3337
  • ADV-2007-3338
  • ADV-2007-3467
  • ADV-2008-0149
  • ADV-2008-0924
xf xfs-queryxbitmaps-queryxextents-bo(36920)
statements via4
contributor Mark J Cox
lastmodified 2007-10-08
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4990 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Last major update 07-03-2011 - 21:59
Published 05-10-2007 - 17:17
Last modified 15-10-2018 - 17:39
Back to Top