CVE-2006-1526 - Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers t

CVE-2006-1526

Summary

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

References

Vulnerable Configurations

cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.8.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x11r6:6.9:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-04-29T04:23:24.304-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

family

unix

oval:org.mitre.oval:def:9929

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.

version

redhat via4

advisories

bugzilla

id	189801
title	CVE-2006-1526 X.Org buffer overflow

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment xorg-x11 is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451001
comment xorg-x11 is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451002

AND

comment xorg-x11-Mesa-libGL is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451003
comment xorg-x11-Mesa-libGL is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451004

AND

comment xorg-x11-Mesa-libGLU is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451005
comment xorg-x11-Mesa-libGLU is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451006

AND
comment xorg-x11-Xdmx is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451007
comment xorg-x11-Xdmx is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451008
AND
comment xorg-x11-Xnest is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451009
comment xorg-x11-Xnest is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451010
AND
comment xorg-x11-Xvfb is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451011
comment xorg-x11-Xvfb is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451012

AND

comment xorg-x11-deprecated-libs is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451013
comment xorg-x11-deprecated-libs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451014

AND

comment xorg-x11-deprecated-libs-devel is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451015
comment xorg-x11-deprecated-libs-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451016

AND
comment xorg-x11-devel is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451017
comment xorg-x11-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451018
AND
comment xorg-x11-doc is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451019
comment xorg-x11-doc is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451020

AND

comment xorg-x11-font-utils is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451021
comment xorg-x11-font-utils is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451022

AND
comment xorg-x11-libs is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451023
comment xorg-x11-libs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451024
AND
comment xorg-x11-sdk is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451025
comment xorg-x11-sdk is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451026
AND
comment xorg-x11-tools is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451027
comment xorg-x11-tools is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451028
AND
comment xorg-x11-twm is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451029
comment xorg-x11-twm is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451030
AND
comment xorg-x11-xauth is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451031
comment xorg-x11-xauth is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451032
AND
comment xorg-x11-xdm is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451033
comment xorg-x11-xdm is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451034
AND
comment xorg-x11-xfs is earlier than 0:6.8.2-1.EL.13.25.1
oval oval:com.redhat.rhsa:tst:20060451035
comment xorg-x11-xfs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451036

rhsa

id	RHSA-2006:0451
released	2006-05-04
severity	Important
title	RHSA-2006:0451: xorg-x11 security update (Important)

rpms

xorg-x11-0:6.8.2-1.EL.13.25.1
xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.25.1
xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.25.1
xorg-x11-Xdmx-0:6.8.2-1.EL.13.25.1
xorg-x11-Xnest-0:6.8.2-1.EL.13.25.1
xorg-x11-Xvfb-0:6.8.2-1.EL.13.25.1
xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.25.1
xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.25.1
xorg-x11-devel-0:6.8.2-1.EL.13.25.1
xorg-x11-doc-0:6.8.2-1.EL.13.25.1
xorg-x11-font-utils-0:6.8.2-1.EL.13.25.1
xorg-x11-libs-0:6.8.2-1.EL.13.25.1
xorg-x11-sdk-0:6.8.2-1.EL.13.25.1
xorg-x11-tools-0:6.8.2-1.EL.13.25.1
xorg-x11-twm-0:6.8.2-1.EL.13.25.1
xorg-x11-xauth-0:6.8.2-1.EL.13.25.1
xorg-x11-xdm-0:6.8.2-1.EL.13.25.1
xorg-x11-xfs-0:6.8.2-1.EL.13.25.1

refmap via4

bid	17795
cert-vn	VU#633257
confirm	https://bugs.freedesktop.org/show_bug.cgi?id=6642
fedora	FLSA:190777
gentoo	GLSA-200605-02
mandriva	MDKSA-2006:081
mlist	[xorg] 20060502 [CVE-2006-1525] X.Org security advisory: Buffer overflow in the Xrender extension
openbsd	[3.8] 007: SECURITY FIX: May 2, 2006
sectrack	1016018
secunia	19900 19915 19916 19921 19943 19951 19956 19983
sunalert	102339
suse	SUSE-SA:2006:023
trustix	2006-0024
ubuntu	USN-280-1
vupen	ADV-2006-1617
xf	xorg-xrender-bo(26200)

Last major update

18-10-2018 - 16:33

Published

02-05-2006 - 21:06

Last modified

18-10-2018 - 16:33