Podatność CVE-2011-2895
Publikacja: 2011-08-19   Modyfikacja: 2012-02-13

Opis:
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9.3/10
10/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
X -> Libxfont 
Openbsd -> Openbsd 
Netbsd -> Netbsd 
Freetype -> Freetype 
Freebsd -> Freebsd 

 Referencje:
https://bugzilla.redhat.com/show_bug.cgi?id=725760
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html
http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html
http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0
https://support.apple.com/HT205641
https://support.apple.com/HT205640
https://support.apple.com/HT205637
https://support.apple.com/HT205635
https://bugzilla.redhat.com/show_bug.cgi?id=727624
http://xforce.iss.net/xforce/xfdb/69141
http://www.ubuntu.com/usn/USN-1191-1
http://www.securityfocus.com/bid/49124
http://www.redhat.com/support/errata/RHSA-2011-1834.html
http://www.redhat.com/support/errata/RHSA-2011-1161.html
http://www.redhat.com/support/errata/RHSA-2011-1155.html
http://www.redhat.com/support/errata/RHSA-2011-1154.html
http://www.openwall.com/lists/oss-security/2011/08/10/10
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17
http://www.mandriva.com/security/advisories?name=MDVSA-2011:153
http://www.debian.org/security/2011/dsa-2293
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5130
http://securitytracker.com/id?1025920
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc
Copyright 2024, cxsecurity.com

 

Back to Top