SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   XFree Vendors:   XFree86 Project
(OpenBSD Issues Fix) XFree86 Font Information File CopyISOLatin1Lowered() Buffer Overflow Lets Local Users Gain Root Privileges
SecurityTracker Alert ID:  1009071
SecurityTracker URL:  http://securitytracker.com/id/1009071
CVE Reference:   CVE-2004-0084   (Links to External Site)
Date:  Feb 16 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Confirmed in 4.1.0 - 4.3.0; Prior to 4.3.99.903 Release Candidate
Description:   iDEFENSE reported another buffer overflow vulnerability in XFree in the parsing of the 'font.alias' file, this time residing in the CopyISOLatin1Lowered() function. A local user can gain root privileges on the target system.

It is reported that when the ReadFontAlias() function parses a 'font.alias' file, user-supplied input may overflow a fixed length buffer of MAXFONTNAMELEN*2 (2048) characters. The flaw reportedly resides in the processing of the 'font_name' buffer in the CopyISOLatin1Lowered() function.

A local user can create a specially crafted file that will trigger a buffer overflow when the X server parses the file. Arbitrary code can be executed with root privileges, according to the report.

The vendor was reportedly notified on February 9, 2004.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=73

[Editor's note: This flaw is related to but separate from the XFree86 font file vulnerability recently reported in Alert ID 1008991.]

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   OpenBSD has issued a patch:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

Vendor URL:  www.xfree86.org/security (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.4

Message History:   This archive entry is a follow-up to the message listed below.
Feb 12 2004 XFree86 Font Information File CopyISOLatin1Lowered() Buffer Overflow Lets Local Users Gain Root Privileges



 Source Message Contents

Subject:  OpenBSD XFree86


 > RELIABILITY FIX: February 14, 2004
 > Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks
 > to ProPolice, these cannot be exploited to gain privileges, but they can cause the X
 > server to abort.
 > A source code patch exists which remedies the problem.

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC