SecurityTracker.com Archives - X11 Overflows Let Local Users Gain Root Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > X

Vendors: X.org

X11 Overflows Let Local Users Gain Root Privileges

SecurityTracker Alert ID: 1017857

SecurityTracker URL: http://securitytracker.com/id?1017857

CVE Reference: CVE-2007-1003 , CVE-2007-1351 , CVE-2007-1352 (Links to External Site)

Date: Apr 3 2007

Impact: Execution of arbitrary code via local system, Root access via local system, User access via local system

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 7.2 and prior versions

Description: Several vulnerabilities were reported in X. A local user can obtain elevated privileges on the target system.

A local user can trigger an integer overflow in the processing of BDF fonts to execute arbitrary code on the target system with root privileges [CVE-2007-1351].

A local user can trigger an integer overflow in 'fonts.dir' to execute arbitrary code on the target system with root privileges [CVE-2007-1352].

A local user can trigger an integer overflow in the XC-MISC extension to execute arbitrary code on the target system with root privileges [CVE-2007-1003].

Sean Larsson of iDefense Labs discovered the XC-MISC extension vulnerability. iDefense reported the other two vulnerabilities.

Impact: A local user can obtain root privileges on the target system.

Solution: The vendor has issued a patch for 7.2.

[Editor's note: The vendor's patch and security advisory were not available at the time of this entry.]

Vendor URL: wiki.x.org/wiki/Development/Security?action=show&redirect=SecurityPage (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Apr 3 2007	(Red Hat Issues Fix) X11 Overflows Let Local Users Gain Root Privileges (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 4.
Apr 3 2007	(Red Hat Issues Fix) X11 Overflows Let Local Users Gain Root Privileges (bugzilla@redhat.com) Red Hat has released a fix for CVE-2007-1003 on Red Hat Enterprise Linux 5.
Apr 3 2007	(Red Hat Issues Fix for libXfont ) X11 Overflows Let Local Users Gain Root Privileges (bugzilla@redhat.com) Red Hat has released a fix for libXfont on Red Hat Enterprise Linux 5.
Apr 4 2007	(Red Hat Issues Fix for XFree86) X11 Overflows Let Local Users Gain Root Privileges (bugzilla@redhat.com) Red Hat has released a fix for XFree86 on Red Hat Enterprise Linux 2.1 and 3.
Apr 5 2007	(OpenBSD Issues Fix) X11 Overflows Let Local Users Gain Root Privileges OpenBSD has issued a fix for OpenBSD 3.9 and 4.0.
Apr 16 2007	(Red Hat Issues Fix for FreeType) X11 Overflows Let Local Users Gain Root Privileges (bugzilla@redhat.com) Red Hat has released a fix for FreeType on Red Hat Enterprise Linux 3, 4, and 5.
Apr 26 2007	(Sun Issues Fix) X11 Overflows Let Local Users Gain Root Privileges Sun has issued a fix for Solaris 8 and 9. A fix for Solaris 10 is pending.

Source Message Contents

Date: Tue, 3 Apr 2007 16:50:19 -0400
Subject: X

 
 
http://wiki.x.org/wiki/Development/Security?action=show&redirect=SecurityPage
 
April 3, 2007 - CVE-2007-1003 CVE-2007-1351 CVE-2007-1352 CVE-2007-1352: Lack of 
validation of parameters passed to the X server and libX11 by client application can 
lead to various kinds of integer overflows or stack overflows that can be used to 
overwrite data in the X server memory.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC