SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   XFree Vendors:   XFree86 Project
(OpenBSD Issues Fix) XFree86 Additional Font Information File Buffer Overflows Let Local Users Gain Root Privileges
SecurityTracker Alert ID:  1009070
SecurityTracker URL:  http://securitytracker.com/id/1009070
CVE Reference:   CVE-2004-0106   (Links to External Site)
Date:  Feb 16 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 4.3.99.903 Release Candidate
Description:   Some additional buffer overflow vulnerabilities were reported in XFree86. A local user can gain root privileges on the target system.

It is reported that David Dawes discovered additional vulnerabilities in XFree86, in addition to the ones previously reported in Alert ID 1008991 [CVE: CVE-2004-0083] and Alert ID 1009031 [CVE: AN-2004-0084]. The flaws appear to reside in 'encparse.c' and 'fontfile.c' and relate to the processing of font file paths.

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   OpenBSD has issued a patch:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

Vendor URL:  www.xfree86.org/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.4

Message History:   This archive entry is a follow-up to the message listed below.
Feb 14 2004 XFree86 Additional Font Information File Buffer Overflows Let Local Users Gain Root Privileges



 Source Message Contents

Subject:  OpenBSD XFree86


 > RELIABILITY FIX: February 14, 2004
 > Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks
 > to ProPolice, these cannot be exploited to gain privileges, but they can cause the X
 > server to abort.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC