Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   XFree Vendors:   XFree86 Project
(OpenBSD Issues Fix) XFree86 Font Information File Buffer Overflow Lets Local Users Gain Root Privileges
SecurityTracker Alert ID:  1009072
SecurityTracker URL:
CVE Reference:   CVE-2004-0083   (Links to External Site)
Date:  Feb 16 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to Release Candidate
Description:   iDEFENSE reported a buffer overflow vulnerability in XFree in the parsing of the 'font.alias' file. A local user can gain root privileges on the target system.

It is reported that the X server does not validate the length of user-supplied input from the 'font.alias' file. A local user can create a specially crafted file that will trigger a buffer overflow when the X server parses the file. Arbitrary code can be executed with root privileges, according to the report.

The flaw reportedly resides in the 'xc/lib/font/fontfile/dirfile.c' file in the ReadFontAlias() function, where user-supplied input may overflow a fixed length buffer of MAXFONTNAMELEN (1024) characters.

The original iDEFENSE advisory is available at:

The following notification timeline is provided:

February 3, 2004 Vendor notified
February 10, 2004 Public disclosure

Impact:   A local user can execute arbitrary code with root privileges.
Solution:   OpenBSD has issued a patch:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.4

Message History:   This archive entry is a follow-up to the message listed below.
Feb 9 2004 XFree86 Font Information File Buffer Overflow Lets Local Users Gain Root Privileges

 Source Message Contents

Subject:  OpenBSD XFree86

 > RELIABILITY FIX: February 14, 2004
 > Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks
 > to ProPolice, these cannot be exploited to gain privileges, but they can cause the X
 > server to abort.
 > A source code patch exists which remedies the problem.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC