[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-0006

Date: (C)2008-01-18   (M)2017-10-04
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

Reference:
SECTRACK-1019232
SUNALERT-103192
http://www.securityfocus.com/archive/1/archive/1/487335/100/0/threaded
SUNALERT-201230
BID-27336
BID-27352
SECUNIA-28273
SECUNIA-28500
SECUNIA-28532
SECUNIA-28535
SECUNIA-28536
SECUNIA-28540
SECUNIA-28542
SECUNIA-28544
SECUNIA-28550
SECUNIA-28571
SECUNIA-28592
SECUNIA-28621
SECUNIA-28718
SECUNIA-28843
SECUNIA-28885
SECUNIA-28941
SECUNIA-29139
SECUNIA-29420
SECUNIA-29622
SECUNIA-29707
SECUNIA-30161
SECUNIA-32545
ADV-2008-0179
ADV-2008-0184
ADV-2008-0497
ADV-2008-0703
ADV-2008-0924
ADV-2008-3000
APPLE-SA-2008-03-18
FEDORA-2008-0760
FEDORA-2008-0794
FEDORA-2008-0831
FEDORA-2008-0891
GLSA-200801-09
GLSA-200804-05
GLSA-200805-07
HPSBUX02381
JVN#88935101
JVNDB-2008-001043
MDVSA-2008:021
MDVSA-2008:022
MDVSA-2008:024
RHSA-2008:0029
RHSA-2008:0030
RHSA-2008:0064
SSRT080083
SUSE-SA:2008:003
SUSE-SR:2008:008
USN-571-1
http://www.openbsd.org/errata41.html#012_xorg
http://www.openbsd.org/errata42.html#006_xorg
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
http://bugs.gentoo.org/show_bug.cgi?id=204362
http://docs.info.apple.com/article.html?artnum=307562
http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=428044
https://issues.rpath.com/browse/RPL-2010
xorg-pcffont-bo(39767)

CPE    2
cpe:/a:sun:solaris_libfont
cpe:/a:sun:solaris_libxfont
CWE    1
CWE-119
OVAL    2
oval:org.mitre.oval:def:8106
oval:org.secpod.oval:def:301361

© 2013 SecPod Technologies