Vulnerability CVE-2007-1352


Published: 2007-04-05   Modified: 2012-02-12

Description:
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Type:

CWE-Other

Vendor: Slackware
Product: Slackware linux 
Version:
current
9.1
9.0
Vendor: Redhat
Product: Fedora core 
Version: core_1.0;
Product: Linux 
Version: 9.0;
Product: Enterprise linux desktop 
Version:
5.0
4.0
3.0
Product: Enterprise linux 
Version:
4.0
3.0
2.1
Product: Linux advanced workstation 
Version: 2.1;
Vendor: Ubuntu
Product: Ubuntu linux 
Version:
6.10
6.06_lts
5.10
4.1
Vendor: Openbsd
Product: Openbsd 
Version: 4.0; 3.9;
Vendor: Mandrakesoft
Product: Mandrake multi network firewall 
Version: 2.0;
Vendor: Turbolinux
Product: Turbolinux desktop 
Version: 10.0;
Vendor: X.org
Product: Libxfont 
Version: 1.2.2;
Vendor: Rpath
Product: Linux 
Version: 1;

CVSS2 => (AV:A/AC:M/Au:S/C:N/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.8/10
4.9/10
4.4/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Partial

 References:
http://issues.foresightlinux.org/browse/FL-223
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
http://rhn.redhat.com/errata/RHSA-2007-0125.html
http://security.gentoo.org/glsa/glsa-200705-10.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
http://www.debian.org/security/2007/dsa-1294
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
http://www.novell.com/linux/security/advisories/2007_27_x.html
http://www.openbsd.org/errata39.html#021_xorg
http://www.openbsd.org/errata40.html#011_xorg
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://www.redhat.com/support/errata/RHSA-2007-0132.html
http://www.securityfocus.com/archive/1/464686/100/0/threaded
http://www.securityfocus.com/archive/1/464816/100/0/threaded
http://www.securityfocus.com/bid/23283
http://www.securityfocus.com/bid/23300
http://www.securitytracker.com/id?1017857
http://www.ubuntu.com/usn/usn-448-1
http://www.vupen.com/english/advisories/2007/1217
http://www.vupen.com/english/advisories/2007/1548
https://exchange.xforce.ibmcloud.com/vulnerabilities/33419
https://issues.rpath.com/browse/RPL-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243

Related CVE
CVE-2008-4832
rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows local users to delete arbitrary files via a symlink attack on a directory under (1) /var/lock or (2) /var/run. NOTE: this issue exists because of a race condition in an incorrect fi...
CVE-2008-3138
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
CVE-2008-3139
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
CVE-2008-2139
The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not re-validate requests from a browser with a valid administrator session, including requests to change the password, which makes it easier for physically proximate attackers to gain p...
CVE-2008-2140
Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.
CVE-2008-1078
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
CVE-2007-5962
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a ...
CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certa...

Copyright 2019, cxsecurity.com

 

Back to Top