Info

Disclosure

Feb 11, 2004

Discovery

Unknown

Dates

Exploit

Apr 01, 2004

Solution

Unknown

Description

A local overflow exists in XFree86. The 'ReadFontAlias()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, XFree86 Project has released a patch to address this vulnerability.

Products

XFree86 Project, Inc.	XFree86	4.3.0
		4.2.x
		4.1.x

References

Security Tracker: 1008991
Secunia Advisory ID: 10824 10922 12080 12196
ISS X-Force ID: 15130
CVE ID: 2004-0083 (see also: NVD)
SCIP VulDB ID: 510
Related OSVDB ID: 8341
Bugtraq ID: 9636
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.3/SCOSA-2004.3.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.2/SCOSA-2004.2.txt http://forums.gentoo.org/viewtopic.php?t=135482
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
http://support.avaya.com/elmodocs2/security/ASA-2005-113_SUN-4-21-2005.pdf
http://www.linuxsecurity.com/advisories/immunix_advisory-4020.html
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
http://www.securityfocus.com/advisories/6676
http://www.suse.de/de/security/2004_06_xf86.html
http://www.turbolinux.com/security/2004/TLSA-2004-5.txt
Vendor Specific Solution URL: ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0481.html
Packet Storm: http://packetstormsecurity.nl/0402-advisories/02.10.04.txt
Other Advisory URL: http://www.idefense.com/application/poi/display?id=72&type=vulnerabilities
http://www.slackware.com/lists/archive/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
CIAC Advisory: o-081
RedHat RHSA: RHSA-2004:061

Credit

Greg MacManus - iDEFENSE Labs

Direct URL: http://osvdb.org/3905

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

XFree86 Project, Inc.

XFree86

References

Credit