| ID |
CVE-2007-4990
|
| Summary |
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 15-10-2018 - 21:39) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| oval
via4
|
| accepted | 2013-04-29T04:14:53.412-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | | oval | oval:org.mitre.oval:def:11782 |
| comment | CentOS Linux 3.x | | oval | oval:org.mitre.oval:def:16651 |
| comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | | oval | oval:org.mitre.oval:def:11831 |
| comment | CentOS Linux 4.x | | oval | oval:org.mitre.oval:def:16636 |
| comment | Oracle Linux 4.x | | oval | oval:org.mitre.oval:def:15990 |
| | description | The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | | family | unix | | id | oval:org.mitre.oval:def:11599 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | | version | 29 |
|
| redhat
via4
|
| advisories | | | rpms | - XFree86-0:4.1.0-86.EL
- XFree86-0:4.3.0-126.EL
- XFree86-100dpi-fonts-0:4.1.0-86.EL
- XFree86-100dpi-fonts-0:4.3.0-126.EL
- XFree86-75dpi-fonts-0:4.1.0-86.EL
- XFree86-75dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-86.EL
- XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-86.EL
- XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-86.EL
- XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-86.EL
- XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-86.EL
- XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
- XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-86.EL
- XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
- XFree86-Mesa-libGL-0:4.3.0-126.EL
- XFree86-Mesa-libGLU-0:4.3.0-126.EL
- XFree86-Xnest-0:4.1.0-86.EL
- XFree86-Xnest-0:4.3.0-126.EL
- XFree86-Xvfb-0:4.1.0-86.EL
- XFree86-Xvfb-0:4.3.0-126.EL
- XFree86-base-fonts-0:4.3.0-126.EL
- XFree86-cyrillic-fonts-0:4.1.0-86.EL
- XFree86-cyrillic-fonts-0:4.3.0-126.EL
- XFree86-devel-0:4.1.0-86.EL
- XFree86-devel-0:4.3.0-126.EL
- XFree86-doc-0:4.1.0-86.EL
- XFree86-doc-0:4.3.0-126.EL
- XFree86-font-utils-0:4.3.0-126.EL
- XFree86-libs-0:4.1.0-86.EL
- XFree86-libs-0:4.3.0-126.EL
- XFree86-libs-data-0:4.3.0-126.EL
- XFree86-sdk-0:4.3.0-126.EL
- XFree86-syriac-fonts-0:4.3.0-126.EL
- XFree86-tools-0:4.1.0-86.EL
- XFree86-tools-0:4.3.0-126.EL
- XFree86-truetype-fonts-0:4.3.0-126.EL
- XFree86-twm-0:4.1.0-86.EL
- XFree86-twm-0:4.3.0-126.EL
- XFree86-xauth-0:4.3.0-126.EL
- XFree86-xdm-0:4.1.0-86.EL
- XFree86-xdm-0:4.3.0-126.EL
- XFree86-xf86cfg-0:4.1.0-86.EL
- XFree86-xfs-0:4.1.0-86.EL
- XFree86-xfs-0:4.3.0-126.EL
- xorg-x11-0:6.8.2-1.EL.33.0.2
- xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
- xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
- xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
- xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
- xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
- xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
- xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
- xorg-x11-devel-0:6.8.2-1.EL.33.0.2
- xorg-x11-doc-0:6.8.2-1.EL.33.0.2
- xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
- xorg-x11-libs-0:6.8.2-1.EL.33.0.2
- xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
- xorg-x11-tools-0:6.8.2-1.EL.33.0.2
- xorg-x11-twm-0:6.8.2-1.EL.33.0.2
- xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
- xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
- xorg-x11-xfs-0:6.8.2-1.EL.33.0.2
|
|
| refmap
via4
|
| apple | APPLE-SA-2008-03-18 | | bid | 25898 | | bugtraq | 20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs | | confirm | | | fedora | FEDORA-2007-4263 | | gentoo | GLSA-200710-11 | | hp | | | idefense | 20071002 Multiple Vendor X Font Server Multiple Vulnerabilities | | mandriva | MDKSA-2007:210 | | mlist | [xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server | | sectrack | 1018763 | | secunia | - 27040
- 27052
- 27060
- 27176
- 27228
- 27240
- 27560
- 28004
- 28514
- 28536
- 28542
- 29420
| | sunalert | | | suse | SUSE-SA:2007:054 | | vupen | - ADV-2007-3337
- ADV-2007-3338
- ADV-2007-3467
- ADV-2008-0149
- ADV-2008-0924
| | xf | xfs-queryxbitmaps-queryxextents-bo(36920) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-10-08 | | organization | Red Hat | | statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4990
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
|
| Last major update |
15-10-2018 - 21:39 |
| Published |
05-10-2007 - 21:17 |
| Last modified |
15-10-2018 - 21:39 |
