ID CVE-2013-4396
Summary Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561 "' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'
References
Vulnerable Configurations
  • cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.7:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.8:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:6.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:6.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.2:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.4:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.5:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.6:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.7:*:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:x:x.org_x11:7.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:x:x.org_x11:7.7:rc1:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 28-11-2016 - 19:09)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 1014561
title CVE-2013-4396 xorg-x11-server: use-after-free flaw when handling ImageText requests
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426001
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376182
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426003
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376184
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426005
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376186
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426007
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376188
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426009
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376190
      • AND
        • comment xorg-x11-server-common is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426011
        • comment xorg-x11-server-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376192
      • AND
        • comment xorg-x11-server-devel is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426013
        • comment xorg-x11-server-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376194
      • AND
        • comment xorg-x11-server-source is earlier than 0:1.13.0-11.1.el6_4.2
          oval oval:com.redhat.rhsa:tst:20131426015
        • comment xorg-x11-server-source is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376196
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment xorg-x11-server-Xdmx is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426018
        • comment xorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127002
      • AND
        • comment xorg-x11-server-Xephyr is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426020
        • comment xorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127004
      • AND
        • comment xorg-x11-server-Xnest is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426022
        • comment xorg-x11-server-Xnest is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127006
      • AND
        • comment xorg-x11-server-Xorg is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426024
        • comment xorg-x11-server-Xorg is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127008
      • AND
        • comment xorg-x11-server-Xvfb is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426026
        • comment xorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127010
      • AND
        • comment xorg-x11-server-Xvnc-source is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426028
        • comment xorg-x11-server-Xvnc-source is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100382012
      • AND
        • comment xorg-x11-server-sdk is earlier than 0:1.1.1-48.101.el5_10.1
          oval oval:com.redhat.rhsa:tst:20131426030
        • comment xorg-x11-server-sdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070127012
rhsa
id RHSA-2013:1426
released 2013-10-15
severity Important
title RHSA-2013:1426: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xdmx-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xephyr-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xephyr-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xnest-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xnest-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xorg-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xorg-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xvfb-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-Xvfb-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-Xvnc-source-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-common-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-debuginfo-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-debuginfo-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-devel-0:1.13.0-11.1.el6_4.2
  • xorg-x11-server-sdk-0:1.1.1-48.101.el5_10.1
  • xorg-x11-server-source-0:1.13.0-11.1.el6_4.2
refmap via4
bid 62892
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1014561
debian DSA-2784
mlist
  • [oss-security] 20131008 Fwd: X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
  • [xorg-announce] 20131008 X.Org security advisory: CVE-2013-4396: Use after free in Xserver handling of ImageText requests
suse
  • openSUSE-SU-2013:1610
  • openSUSE-SU-2013:1614
ubuntu USN-1990-1
Last major update 28-11-2016 - 19:09
Published 10-10-2013 - 10:55
Last modified 28-11-2016 - 19:09
Back to Top