exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2007-1351

Status Candidate

Overview

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Related Files

Debian Linux Security Advisory 1454-1
Posted Jan 7, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1454-1 - Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-1351
SHA-256 | 3c6caa2944e02ca65c3e653bcaf92d5dda00f4c2edf646e7e2d0742c711ed1c0
Debian Linux Security Advisory 1294-1
Posted May 21, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1294-1 - Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
SHA-256 | 041774f5d08c1a2248f7f5bfafc8394a37277b57085add582ddcb8a761ddaf62
Gentoo Linux Security Advisory 200705-10
Posted May 10, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-10 - The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Versions less than 1.2.9-r4 are affected.

tags | advisory, overflow, local
systems | linux, gentoo
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 2fc25a79b7ffa81e21e6c4c5e2b22c388fa4a3033e765361858a4ee48158de8a
Gentoo Linux Security Advisory 200705-2
Posted May 3, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200705-02 - Greg MacManus of iDefense Labs has discovered an integer overflow in the function bdfReadCharacters() when parsing BDF fonts. Versions less than 2.1.10-r3 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2007-1351
SHA-256 | b8b78c0b16839c9d9ee86e8b2030072f94aa9dffa92ae1fd77a6499c2192ef60
Mandriva Linux Security Advisory 2007.080
Posted Apr 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server.

tags | advisory, overflow, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 3b1c1631f20743de09f36c1b9347ec5d750ad65a0831fd14b5f97665d3ee9d84
Mandriva Linux Security Advisory 2007.081
Posted Apr 11, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-1351
SHA-256 | bc6cbfe05e8ed044092c8a0a2255e89e4673cf27af3a68a15c9ae33150f3e5da
Mandriva Linux Security Advisory 2007.081
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - iDefense integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-1351
SHA-256 | d4da0504bcad1dad21f7e27ad6722ecbd0d461fba5c492fe3ced6afa5497909a
Mandriva Linux Security Advisory 2007.080
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.

tags | advisory, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | 330fcb42f22893aed5d9dc72a5e4c07dd0445ff1c5c94024359d87760efc0e63
Mandriva Linux Security Advisory 2007.079
Posted Apr 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.

tags | advisory, remote, denial of service, overflow, arbitrary, local, root, vulnerability
systems | linux, mandriva
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
SHA-256 | c68398453cdd0da008a82f8abe40ea08649a33cada1190cb14fbbabea9298e8f
iDEFENSE Security Advisory 2007-04-03.3
Posted Apr 5, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 04.03.07 - Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System server BDF font parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of BDF fonts. When the X server encounters a specially crafted BDF font, an integer overflow occurs leading to a potentially exploitable heap overflow condition. iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable. Additionally, it is reported that the freetype library is also vulnerable.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2007-1351
SHA-256 | 5b3a3d520e2e2d171cccc8c7b16c74563a20141daff91279318106380bdda62d
Ubuntu Security Notice 448-1
Posted Apr 5, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 448-1 - Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
SHA-256 | db2d0709dc9ce1e0901c0f8411756dd6f54fb3dd1dd76b940a08a73e2da41185
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close