CVE-2006-6102 - Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7

CVE-2006-6102

Summary

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

References

Vulnerable Configurations

cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:7.0:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:7.1:*:*:*:*:*:*:*
cpe:2.3:a:x.org:x.org:7.1:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:xfree86_x_server:*:*:*:*:*:*:*:*
cpe:2.3:a:xfree86_project:xfree86_x_server:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2013-04-29T04:23:57.195-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9991

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2007:0002
rhsa
id RHSA-2007:0003

rpms

XFree86-0:4.1.0-78.EL
XFree86-0:4.3.0-115.EL
XFree86-100dpi-fonts-0:4.1.0-78.EL
XFree86-100dpi-fonts-0:4.3.0-115.EL
XFree86-75dpi-fonts-0:4.1.0-78.EL
XFree86-75dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-78.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-78.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-78.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-78.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-78.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-115.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-78.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-115.EL
XFree86-Mesa-libGL-0:4.3.0-115.EL
XFree86-Mesa-libGLU-0:4.3.0-115.EL
XFree86-Xnest-0:4.1.0-78.EL
XFree86-Xnest-0:4.3.0-115.EL
XFree86-Xvfb-0:4.1.0-78.EL
XFree86-Xvfb-0:4.3.0-115.EL
XFree86-base-fonts-0:4.3.0-115.EL
XFree86-cyrillic-fonts-0:4.1.0-78.EL
XFree86-cyrillic-fonts-0:4.3.0-115.EL
XFree86-devel-0:4.1.0-78.EL
XFree86-devel-0:4.3.0-115.EL
XFree86-doc-0:4.1.0-78.EL
XFree86-doc-0:4.3.0-115.EL
XFree86-font-utils-0:4.3.0-115.EL
XFree86-libs-0:4.1.0-78.EL
XFree86-libs-0:4.3.0-115.EL
XFree86-libs-data-0:4.3.0-115.EL
XFree86-sdk-0:4.3.0-115.EL
XFree86-syriac-fonts-0:4.3.0-115.EL
XFree86-tools-0:4.1.0-78.EL
XFree86-tools-0:4.3.0-115.EL
XFree86-truetype-fonts-0:4.3.0-115.EL
XFree86-twm-0:4.1.0-78.EL
XFree86-twm-0:4.3.0-115.EL
XFree86-xauth-0:4.3.0-115.EL
XFree86-xdm-0:4.1.0-78.EL
XFree86-xdm-0:4.3.0-115.EL
XFree86-xf86cfg-0:4.1.0-78.EL
XFree86-xfs-0:4.1.0-78.EL
XFree86-xfs-0:4.3.0-115.EL
xorg-x11-0:6.8.2-1.EL.13.37.5
xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.5
xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.5
xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.5
xorg-x11-Xnest-0:6.8.2-1.EL.13.37.5
xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.5
xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.5
xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.5
xorg-x11-devel-0:6.8.2-1.EL.13.37.5
xorg-x11-doc-0:6.8.2-1.EL.13.37.5
xorg-x11-font-utils-0:6.8.2-1.EL.13.37.5
xorg-x11-libs-0:6.8.2-1.EL.13.37.5
xorg-x11-sdk-0:6.8.2-1.EL.13.37.5
xorg-x11-tools-0:6.8.2-1.EL.13.37.5
xorg-x11-twm-0:6.8.2-1.EL.13.37.5
xorg-x11-xauth-0:6.8.2-1.EL.13.37.5
xorg-x11-xdm-0:6.8.2-1.EL.13.37.5
xorg-x11-xfs-0:6.8.2-1.EL.13.37.5

refmap via4

bid	21968
confirm	http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm https://issues.rpath.com/browse/RPL-920
debian	DSA-1249
gentoo	GLSA-200701-25
hp	HPSBUX02225 SSRT071295
idefense	20070109 Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability
mandriva	MDKSA-2007:005
mlist	[x-org announce] 20070109 X.Org Security Advisory: multiple integer overflows in dbe and render extensions
netbsd	NetBSD-SA2007-002
osvdb	32085
sectrack	1017495
secunia	23633 23670 23684 23689 23698 23705 23758 23789 23966 24168 24210 24247 24401 25802
slackware	SSA:2007-066-02
sunalert	102803
suse	SUSE-SA:2007:008
ubuntu	USN-403-1
vupen	ADV-2007-0108 ADV-2007-0109 ADV-2007-0589 ADV-2007-0669 ADV-2007-2233
xf	xorg-xserver-dbe-overflow(31376)

statements via4

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Last major update

11-10-2017 - 01:31

Published

31-12-2006 - 05:00

Last modified

11-10-2017 - 01:31