SecurityTracker.com
Category:   Application (Generic)  >   libXpm
Vendors:   X.org
libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011324
SecurityTracker URL:  http://securitytracker.com/id/1011324
CVE Reference:   CVE-2004-0687, CVE-2004-0688
Updated:  May 23 2006
Original Entry Date:  Sep 16 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): X11 R6.8.0
Description:   Several vulnerabilities were reported in libXpm. A remote user may be able to execute arbitrary code in applications that use libXpm.

The vendor reported that there are some integer overflows [CVE: CVE-2004-0687] and stack overflows [CVE: CVE-2004-0688] in the libXpm X Pixmap library, shipped as part of the X Window System.

A stack overflow is reported in xpmParseColors() in 'parse.c' that can be triggered by specially crafted XPMv1 and XPMv2/3 files. A demonstration exploit file is available at:

http://scary.beasts.org/misc/doom.xpm

A stack overflow is reported in the reading of pixel values in the ParseAndPutPixels() function in 'create.c' and in the ParsePixels() function in 'parse.c'. A demonstration exploit file is available at:

http://scary.beasts.org/misc/doom2.xpm

An integer overflow is reported in the colorTable allocation in xpmParseColors() in 'parse.c'. The XpmCreateImageFromXpmImage, CreateXImage, ParsePixels, and ParseAndPutPixels functions are affected.
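The two bug classes described above, as an added C illustration that is not libXpm's code and not the vendor patch: a table size computed from a file-supplied count can wrap, and a token copied into a fixed-size buffer needs a length check. `ColorEntry`, `wrapped_size`, `alloc_table_checked` and `read_token` are hypothetical names, the header value is constructed, and the 32-bit arithmetic in `wrapped_size` is an assumption modelling a platform with a 32-bit `size_t`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a colour-table entry; not libXpm's own type. */
typedef struct { char *symbol; char *name; } ColorEntry;

/* Models the unchecked size computation in 32-bit arithmetic: the product
 * wraps modulo 2^32, so the table ends up far smaller than the count. */
uint32_t wrapped_size(uint32_t ncolors, uint32_t elem_size) {
    return ncolors * elem_size;
}

/* Checked allocation: reject any count whose byte size cannot be
 * represented in size_t, before the multiplication happens. */
void *alloc_table_checked(size_t ncolors, size_t elem_size) {
    if (ncolors == 0 || elem_size == 0 || ncolors > SIZE_MAX / elem_size)
        return NULL;
    return calloc(ncolors, elem_size);
}

/* Copy one whitespace-delimited token into dst (capacity cap).
 * Returns the token length, or -1 if it would not fit, so an
 * over-long token is refused rather than written past the buffer. */
int read_token(const char *src, char *dst, size_t cap) {
    size_t n = strcspn(src, " \t\n");
    if (cap == 0 || n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void) {
    char buf[8]; /* fixed-size buffer, as a parser might keep on the stack */
    void *table = alloc_table_checked(SIZE_MAX / 4, sizeof(ColorEntry));

    /* Constructed header value: 0x20000001 entries of 8 bytes wrap to 8. */
    printf("wrapped size: %u\n", (unsigned)wrapped_size(0x20000001u, 8u));
    printf("oversized table: %s\n", table ? "allocated" : "rejected");
    printf("short token: %d\n", read_token("None c", buf, sizeof buf));
    printf("long token: %d\n",
           read_token("AAAAAAAAAAAAAAAA c", buf, sizeof buf));
    free(table);
    return 0;
}
```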

The vendor credits Chris Evans with reporting these flaws. The advisory from Chris Evans is available at:

http://scary.beasts.org/security/CESA-2004-003.txt

Impact:   A remote user can create a specially crafted image file that, when processed by an application using libXpm, will execute arbitrary code on the target system with the privileges of the target application.
Solution:   The vendor has released a fixed version (6.8.1), available at:

http://freedesktop.org/~xorg/X11R6.8.1/src/

The vendor has also released a patch for version 6.8.0, available at:

http://www.x.org/pub/X11R6.8.0/patches/xorg-CVE-2004-0687-0688.patch

Vendor URL:  www.x.org/pub/X11R6.8.0/patches/README.xorg-CVE-2004-0687-0688.patch
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 16 2004 (Mandrake Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Sep 16 2004 (Mandrake Issues Fix for XFree) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Sep 17 2004 (OpenBSD Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
OpenBSD has released a fix.
Sep 17 2004 (SuSE Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
SuSE has released a fix.
Sep 27 2004 (Gentoo Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix.
Sep 28 2004 (LessTif Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
A fix is available for LessTif, which is affected by the libXpm vulnerability.
Sep 29 2004 (IBM Issues Fix for AIX) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
IBM has issued a fix for AIX.
Oct 4 2004 (Red Hat Issues Fix for XFree86 on RHEL) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for XFree86 for Red Hat Enterprise Linux 3.
Oct 7 2004 (Debian Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Debian has released a fix.
Oct 9 2004 (Sun Issues Fix for JDS) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Sun has issued a fix for Sun Java Desktop System (JDS), which is affected by the libXpm vulnerability.
Oct 11 2004 (Gentoo Issues Fix for LessTif) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Gentoo has released a fix for LessTif, which is affected by the libXpm vulnerability.
Oct 11 2004 (Debian Issues Fix for XFree) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Debian has released a fix for XFree86, which is affected by the libXpm vulnerability.
Oct 15 2004 (Red Hat Issues Fix for XFree86 on RHEL) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for XFree86 on Red Hat Enterprise Linux 2.1.
Oct 16 2004 (Sun Issues Fix for Java Desktop System) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Sun has issued a fix for Sun Java Desktop System.
Oct 16 2004 (Sun Issues T-Patches) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Sun has issued a preliminary fix for Solaris 9.
Nov 5 2004 (Mandrake Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Mandrake has released a fix.
Nov 12 2004 (HP Issues ERPs for Tru64) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
HP has issued early release patches for the HP Tru64 UNIX Motif library.
Dec 2 2004 (ICS Issues Fix for Motif) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
ICS has issued a fix for Motif.
Dec 2 2004 (Red Hat Issues Fix for Open Motif) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for Open Motif on Red Hat Enterprise Linux 2.1 and 3.
Dec 8 2004 (Sun Issues Fix for Solaris) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Sun has issued a fix for Sun Solaris 9.
Jan 13 2005 (Red Hat Issues Fix for LessTif) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Red Hat has released a fix for LessTif.
Feb 16 2005 (Conectiva Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Conectiva has released a fix.
May 3 2005 (Apple Issues Fix) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Apple has released a fix for Mac OS X.
May 11 2005 (Sun Issues Additional Fix for Solaris) libXpm Integer and Stack Overflows May Let Remote Users Execute Arbitrary Code
Sun has added patches for Solaris 7.



 Source Message Contents



[Original Message Not Available for Viewing]

