XFree86 Additional Font Information File Buffer Overflows Let Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1009046 |
|
SecurityTracker URL: http://securitytracker.com/id/1009046
|
|
CVE Reference:
CAN-2004-0106
(Links to External Site)
|
Updated: Feb 16 2004
|
Original Entry Date: Feb 14 2004
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 4.3.99.903 Release Candidate
|
Description:
Some additional buffer overflow vulnerabilities were reported in XFree86. A local user can gain root privileges on the target system.
It is reported that David Dawes discovered additional vulnerabilities in XFree86, in addition to the ones previously reported in Alert ID 1008991 [CVE: CAN-2004-0083] and Alert ID 1009031 [CVE: AN-2004-0084]. The flaws appear to reside in 'encparse.c' and 'fontfile.c' and relate to the processing of font file paths.
|
Impact:
A local user can execute arbitrary code with root privileges.
|
Solution:
A patch is available at:
ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff
A fix is available at:
ftp://ftp.xfree86.org/pub/XFree86/develsnaps/XFree86-4.3.99.903.tar.bz2
|
Vendor URL: www.xfree86.org/security/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Sat, 14 Feb 2004 00:30:53 -0500
Subject: CAN-2004-0106
|
CAN-2004-0106
It is reported that David Dawes discovered additional vulnerabilities (in addition to the
ones reported by iDEFENSE in CAN-2004-0083 and CAN-2004-0084) in XFree86 in the process of
font file paths.
The flaws appear to reside in 'encparse.c' and 'fontfile.c'.
A fix is available at:
ftp://ftp.xfree86.org/pub/XFree86/4.3.0/fixes/fontfile.diff
|
|
