Podatność CVE-2007-1351


Publikacja: 2007-04-05   Modyfikacja: 2012-02-12

Opis:
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

Typ:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
8.5/10
10/10
6.8/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Jednorazowa
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Xfree86 project -> X11r6 
X.org -> Libxfont 
Ubuntu -> Ubuntu linux 
Rpath -> Rpath linux 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Linux advanced workstation 
Openbsd -> Openbsd 
Mandrakesoft -> Mandrake multi network firewall 

 Referencje:
http://issues.foresightlinux.org/browse/FL-223
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://security.gentoo.org/glsa/glsa-200705-02.xml
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.626733
http://sourceforge.net/project/shownotes.php?group_id=3157&release_id=498954
http://sourceforge.net/project/shownotes.php?release_id=498954
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-193.htm
http://www.debian.org/security/2007/dsa-1294
http://www.debian.org/security/2008/dsa-1454
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.mandriva.com/security/advisories?name=MDKSA-2007:081
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.redhat.com/support/errata/RHSA-2007-0150.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23283
http://www.securityfocus.com/bid/23300
http://www.securityfocus.com/bid/23402
http://www.securitytracker.com/id?1017857
http://www.trustix.org/errata/2007/0013/
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1264
http://www.vupen.com/english/advisories/2007/1548
https://exchange.xforce.ibmcloud.com/vulnerabilities/33417
https://issues.rpath.com/browse/RPL-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1810

Copyright 2024, cxsecurity.com

 

Back to Top