ID CVE-2008-0006
Summary Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
References
Vulnerable Configurations
  • Sun Solaris libfont
    cpe:2.3:a:sun:solaris_libfont
  • Sun Solaris libXfont
    cpe:2.3:a:sun:solaris_libxfont
  • cpe:2.3:a:x.org:xserver:1.4
    cpe:2.3:a:x.org:xserver:1.4
CVSS
Base: 7.5 (as of 21-01-2008 - 09:13)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_118908.NASL
    description X11 6.7.0_x86: Xorg patch. Date this patch was last updated by Sun : Sep/23/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23609
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23609
    title Solaris 9 (x86) : 118908-06
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080117_XORG_X11_ON_SL4_X.NASL
    description Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60347
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60347
    title Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0030.NASL
    description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30002
    published 2008-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30002
    title RHEL 4 : xorg-x11 (RHSA-2008:0030)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0029.NASL
    description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30001
    published 2008-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30001
    title RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0064.NASL
    description An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43671
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43671
    title CentOS 5 : libXfont (CESA-2008:0064)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0030.NASL
    description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43667
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43667
    title CentOS 4 : xorg-x11 (CESA-2008:0030)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0891.NASL
    description CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 30079
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30079
    title Fedora 7 : libXfont-1.2.9-3.fc7 (2008-0891)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_37972.NASL
    description s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 34737
    published 2008-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34737
    title HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080117_LIBXFONT_ON_SL5_X.NASL
    description A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60346
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60346
    title Scientific Linux Security Update : libXfont on SL5.x i386/x86_64
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_38840.NASL
    description s700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 34738
    published 2008-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34738
    title HP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL family HP-UX Local Security Checks
    NASL id HPUX_PHSS_34392.NASL
    description s700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 34736
    published 2008-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34736
    title HP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0794.NASL
    description CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 30074
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30074
    title Fedora 8 : libXfont-1.3.1-2.fc8 (2008-0794)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0029.NASL
    description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30022
    published 2008-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30022
    title CentOS 3 : XFree86 (CESA-2008:0029)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-024.NASL
    description A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server (CVE-2008-0006). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36558
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36558
    title Mandriva Linux Security Advisory : libxfont (MDVSA-2008:024)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0064.NASL
    description From Red Hat Security Advisory 2008:0064 : An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67644
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67644
    title Oracle Linux 5 : libXfont (ELSA-2008-0064)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0064.NASL
    description An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 30004
    published 2008-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30004
    title RHEL 5 : libXfont (RHSA-2008:0064)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0029.NASL
    description From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67634
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67634
    title Oracle Linux 3 : XFree86 (ELSA-2008-0029)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080118_XFREE86_ON_SL3.NASL
    description Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60349
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60349
    title Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0030.NASL
    description From Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) A memory corruption flaw was found in the X.Org server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-6427) An input validation flaw was found in the X.Org server's XFree86-Misc extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.Org server. (CVE-2007-5760) An information disclosure flaw was found in the X.Org server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the X server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.Org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the X.Org server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of xorg-x11 should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67635
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67635
    title Oracle Linux 4 : xorg-x11 (ELSA-2008-0030)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XGL-5100.NASL
    description This update fixes several integer overflows in Xgl. (CVE-2007-6429 / CVE-2007-1003 / CVE-2007-5958 / CVE-2007-6427 / CVE-2007-6428 / CVE-2007-6429 / CVE-2008-0006)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 31780
    published 2008-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31780
    title SuSE 10 Security Update : Xgl (ZYPP Patch Number 5100)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125719-54.NASL
    description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Oct/13/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107436
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107436
    title Solaris 10 (sparc) : 125719-54
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-023.NASL
    description An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-5760). A flaw was found in the X.org server's XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user (CVE-2007-5958). A memory corruption flaw was found in the X.org server's XInput extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-6427). An information disclosure flaw was found in the X.org server's TOG-CUP extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially view arbitrary memory content within the X.org server's address space (CVE-2007-6428). Two integer overflow flaws were found in the X.org server's EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server (CVE-2007-6429). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37567
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37567
    title Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1466.NASL
    description The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (sarge) in addition to the fixed packages for Debian stable (etch), which were provided in DSA 1466-2. For reference the original advisory text below : Several local vulnerabilities have been discovered in the X.Org X server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5760 'regenrecht' discovered that missing input sanitising within the XFree86-Misc extension may lead to local privilege escalation. - CVE-2007-5958 It was discovered that error messages of security policy file handling may lead to a minor information leak disclosing the existence of files otherwise inaccessible to the user. - CVE-2007-6427 'regenrecht' discovered that missing input sanitising within the XInput-Misc extension may lead to local privilege escalation. - CVE-2007-6428 'regenrecht' discovered that missing input sanitising within the TOG-CUP extension may lead to disclosure of memory contents. - CVE-2007-6429 'regenrecht' discovered that integer overflows in the EVI and MIT-SHM extensions may lead to local privilege escalation. - CVE-2008-0006 It was discovered that insufficient validation of PCF fonts could lead to local privilege escalation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30059
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30059
    title Debian DSA-1466-1 : xorg-server - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0831.NASL
    description CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. This contains ajax's fixes for the MITSHM patch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 30076
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30076
    title Fedora 7 : xorg-x11-server-1.3.0.0-15.fc7 (2008-0831)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125719-42.NASL
    description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/28/11
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107435
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107435
    title Solaris 10 (sparc) : 125719-42
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-571-1.NASL
    description Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 30019
    published 2008-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30019
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-571-2.NASL
    description USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem. We apologize for the inconvenience. Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 30042
    published 2008-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30042
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125719-55.NASL
    description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Jul/13/15
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107437
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107437
    title Solaris 10 (sparc) : 125719-55
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_FE2B6597C9A411DC8DA80008A18A9961.NASL
    description Matthieu Herrb of X.Org reports : Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 30088
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30088
    title FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XGL-5099.NASL
    description This update fixes several integer overflows in Xgl (CVE-2007-6429, CVE-2007-1003, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 31779
    published 2008-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31779
    title openSUSE 10 Security Update : xgl (xgl-5099)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-002.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 31605
    published 2008-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31605
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125719-57.NASL
    description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Mar/09/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107439
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107439
    title Solaris 10 (sparc) : 125719-57
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200801-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-200801-09 (X.Org X server and Xfont library: Multiple vulnerabilities) regenrecht reported multiple vulnerabilities in various X server extension via iDefense: The XFree86-Misc extension does not properly sanitize a parameter within a PassMessage request, allowing the modification of a function pointer (CVE-2007-5760). Multiple functions in the XInput extension do not properly sanitize client requests for swapping bytes, leading to corruption of heap memory (CVE-2007-6427). Integer overflow vulnerabilities in the EVI extension and in the MIT-SHM extension can lead to buffer overflows (CVE-2007-6429). The TOG-CUP extension does not sanitize an index value in the ProcGetReservedColormapEntries() function, leading to arbitrary memory access (CVE-2007-6428). A buffer overflow was discovered in the Xfont library when processing PCF font files (CVE-2008-0006). The X server does not enforce restrictions when a user specifies a security policy file and attempts to open it (CVE-2007-5958). Impact : Remote attackers could exploit the vulnerability in the Xfont library by enticing a user to load a specially crafted PCF font file resulting in the execution of arbitrary code with the privileges of the user running the X server, typically root. Local attackers could exploit this and the vulnerabilities in the X.org extensions to gain elevated privileges. If the X server allows connections from the network, these vulnerabilities could be exploited remotely. A local attacker could determine the existence of arbitrary files by exploiting the last vulnerability or possibly cause a Denial of Service. Workaround : Workarounds for some of the vulnerabilities can be found in the X.Org security advisory as listed under References.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 30033
    published 2008-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30033
    title GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-0760.NASL
    description CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn't strictly required with new version of libXfont. Contains updated fix for MITSHM from ajax. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 30073
    published 2008-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30073
    title Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125719-56.NASL
    description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/12/15
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107438
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107438
    title Solaris 10 (sparc) : 125719-56
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_125719.NASL
    description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 125719 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 26989
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26989
    title Solaris 10 (sparc) : 125719-58 (deprecated)
oval via4
accepted 2013-04-29T04:00:27.589-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
family unix
id oval:org.mitre.oval:def:10021
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
version 25
redhat via4
advisories
  • bugzilla
    id 428044
    title CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment XFree86 is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029002
        • comment XFree86 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002003
      • AND
        • comment XFree86-100dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029054
        • comment XFree86-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002017
      • AND
        • comment XFree86-75dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029032
        • comment XFree86-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002033
      • AND
        • comment XFree86-ISO8859-14-100dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029058
        • comment XFree86-ISO8859-14-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002007
      • AND
        • comment XFree86-ISO8859-14-75dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029036
        • comment XFree86-ISO8859-14-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002009
      • AND
        • comment XFree86-ISO8859-15-100dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029052
        • comment XFree86-ISO8859-15-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002049
      • AND
        • comment XFree86-ISO8859-15-75dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029004
        • comment XFree86-ISO8859-15-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002043
      • AND
        • comment XFree86-ISO8859-2-100dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029034
        • comment XFree86-ISO8859-2-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002039
      • AND
        • comment XFree86-ISO8859-2-75dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029006
        • comment XFree86-ISO8859-2-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002005
      • AND
        • comment XFree86-ISO8859-9-100dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029050
        • comment XFree86-ISO8859-9-100dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002055
      • AND
        • comment XFree86-ISO8859-9-75dpi-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029008
        • comment XFree86-ISO8859-9-75dpi-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002037
      • AND
        • comment XFree86-Mesa-libGL is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029056
        • comment XFree86-Mesa-libGL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002011
      • AND
        • comment XFree86-Mesa-libGLU is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029044
        • comment XFree86-Mesa-libGLU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002027
      • AND
        • comment XFree86-Xnest is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029014
        • comment XFree86-Xnest is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002035
      • AND
        • comment XFree86-Xvfb is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029040
        • comment XFree86-Xvfb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002053
      • AND
        • comment XFree86-base-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029030
        • comment XFree86-base-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002029
      • AND
        • comment XFree86-cyrillic-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029038
        • comment XFree86-cyrillic-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002019
      • AND
        • comment XFree86-devel is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029012
        • comment XFree86-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002031
      • AND
        • comment XFree86-doc is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029042
        • comment XFree86-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002015
      • AND
        • comment XFree86-font-utils is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029048
        • comment XFree86-font-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002021
      • AND
        • comment XFree86-libs is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029060
        • comment XFree86-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002057
      • AND
        • comment XFree86-libs-data is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029024
        • comment XFree86-libs-data is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002059
      • AND
        • comment XFree86-sdk is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029018
        • comment XFree86-sdk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002013
      • AND
        • comment XFree86-syriac-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029028
        • comment XFree86-syriac-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002061
      • AND
        • comment XFree86-tools is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029016
        • comment XFree86-tools is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002025
      • AND
        • comment XFree86-truetype-fonts is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029046
        • comment XFree86-truetype-fonts is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002041
      • AND
        • comment XFree86-twm is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029026
        • comment XFree86-twm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002051
      • AND
        • comment XFree86-xauth is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029020
        • comment XFree86-xauth is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002047
      • AND
        • comment XFree86-xdm is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029022
        • comment XFree86-xdm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002045
      • AND
        • comment XFree86-xfs is earlier than 0:4.3.0-126.EL
          oval oval:com.redhat.rhsa:tst:20080029010
        • comment XFree86-xfs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070002023
    rhsa
    id RHSA-2008:0029
    released 2008-01-18
    severity Important
    title RHSA-2008:0029: XFree86 security update (Important)
  • bugzilla
    id 428044
    title CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304001
    • OR
      • AND
        • comment xorg-x11 is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030002
        • comment xorg-x11 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003003
      • AND
        • comment xorg-x11-Mesa-libGL is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030008
        • comment xorg-x11-Mesa-libGL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003021
      • AND
        • comment xorg-x11-Mesa-libGLU is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030022
        • comment xorg-x11-Mesa-libGLU is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003019
      • AND
        • comment xorg-x11-Xdmx is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030026
        • comment xorg-x11-Xdmx is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003013
      • AND
        • comment xorg-x11-Xnest is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030020
        • comment xorg-x11-Xnest is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003037
      • AND
        • comment xorg-x11-Xvfb is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030006
        • comment xorg-x11-Xvfb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003033
      • AND
        • comment xorg-x11-deprecated-libs is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030034
        • comment xorg-x11-deprecated-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003029
      • AND
        • comment xorg-x11-deprecated-libs-devel is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030010
        • comment xorg-x11-deprecated-libs-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003027
      • AND
        • comment xorg-x11-devel is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030030
        • comment xorg-x11-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003011
      • AND
        • comment xorg-x11-doc is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030004
        • comment xorg-x11-doc is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003015
      • AND
        • comment xorg-x11-font-utils is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030032
        • comment xorg-x11-font-utils is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003025
      • AND
        • comment xorg-x11-libs is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030014
        • comment xorg-x11-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003009
      • AND
        • comment xorg-x11-sdk is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030028
        • comment xorg-x11-sdk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003007
      • AND
        • comment xorg-x11-tools is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030024
        • comment xorg-x11-tools is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003031
      • AND
        • comment xorg-x11-twm is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030018
        • comment xorg-x11-twm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003035
      • AND
        • comment xorg-x11-xauth is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030012
        • comment xorg-x11-xauth is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003017
      • AND
        • comment xorg-x11-xdm is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030036
        • comment xorg-x11-xdm is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003023
      • AND
        • comment xorg-x11-xfs is earlier than 0:6.8.2-1.EL.33.0.2
          oval oval:com.redhat.rhsa:tst:20080030016
        • comment xorg-x11-xfs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070003005
    rhsa
    id RHSA-2008:0030
    released 2008-01-17
    severity Important
    title RHSA-2008:0030: xorg-x11 security update (Important)
  • bugzilla
    id 428044
    title CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment libXfont is earlier than 0:1.2.2-1.0.3.el5_1
          oval oval:com.redhat.rhsa:tst:20080064002
        • comment libXfont is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070132003
      • AND
        • comment libXfont-devel is earlier than 0:1.2.2-1.0.3.el5_1
          oval oval:com.redhat.rhsa:tst:20080064004
        • comment libXfont-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070132005
    rhsa
    id RHSA-2008:0064
    released 2008-01-17
    severity Important
    title RHSA-2008:0064: libXfont security update (Important)
rpms
  • XFree86-0:4.3.0-126.EL
  • XFree86-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-Mesa-libGL-0:4.3.0-126.EL
  • XFree86-Mesa-libGLU-0:4.3.0-126.EL
  • XFree86-Xnest-0:4.3.0-126.EL
  • XFree86-Xvfb-0:4.3.0-126.EL
  • XFree86-base-fonts-0:4.3.0-126.EL
  • XFree86-cyrillic-fonts-0:4.3.0-126.EL
  • XFree86-devel-0:4.3.0-126.EL
  • XFree86-doc-0:4.3.0-126.EL
  • XFree86-font-utils-0:4.3.0-126.EL
  • XFree86-libs-0:4.3.0-126.EL
  • XFree86-libs-data-0:4.3.0-126.EL
  • XFree86-sdk-0:4.3.0-126.EL
  • XFree86-syriac-fonts-0:4.3.0-126.EL
  • XFree86-tools-0:4.3.0-126.EL
  • XFree86-truetype-fonts-0:4.3.0-126.EL
  • XFree86-twm-0:4.3.0-126.EL
  • XFree86-xauth-0:4.3.0-126.EL
  • XFree86-xdm-0:4.3.0-126.EL
  • XFree86-xfs-0:4.3.0-126.EL
  • xorg-x11-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-doc-0:6.8.2-1.EL.33.0.2
  • xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
  • xorg-x11-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
  • xorg-x11-tools-0:6.8.2-1.EL.33.0.2
  • xorg-x11-twm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xfs-0:6.8.2-1.EL.33.0.2
  • libXfont-0:1.2.2-1.0.3.el5_1
  • libXfont-devel-0:1.2.2-1.0.3.el5_1
refmap via4
apple APPLE-SA-2008-03-18
bid
  • 27336
  • 27352
bugtraq 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
cert-vn VU#203220
confirm
fedora
  • FEDORA-2008-0760
  • FEDORA-2008-0794
  • FEDORA-2008-0831
  • FEDORA-2008-0891
gentoo
  • GLSA-200801-09
  • GLSA-200804-05
  • GLSA-200805-07
hp
  • HPSBUX02381
  • SSRT080083
jvn JVN#88935101
jvndb JVNDB-2008-001043
mandriva
  • MDVSA-2008:021
  • MDVSA-2008:022
  • MDVSA-2008:024
mlist [xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server
openbsd
  • [4.1] 20080208 012: SECURITY FIX: February 8, 2008
  • [4.2] 20080208 006: SECURITY FIX: February 8, 2008
sectrack 1019232
secunia
  • 28273
  • 28500
  • 28532
  • 28535
  • 28536
  • 28540
  • 28542
  • 28544
  • 28550
  • 28571
  • 28592
  • 28621
  • 28718
  • 28843
  • 28885
  • 28941
  • 29139
  • 29420
  • 29622
  • 29707
  • 30161
  • 32545
sunalert
  • 103192
  • 201230
suse
  • SUSE-SA:2008:003
  • SUSE-SR:2008:008
ubuntu USN-571-1
vupen
  • ADV-2008-0179
  • ADV-2008-0184
  • ADV-2008-0497
  • ADV-2008-0703
  • ADV-2008-0924
  • ADV-2008-3000
xf xorg-pcffont-bo(39767)
Last major update 07-03-2011 - 22:03
Published 18-01-2008 - 18:00
Last modified 15-10-2018 - 17:56
Back to Top