Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0084

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0084
Last Modified 21 Aug 2010 12:19:32
Published 03 Mar 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0084

Summary

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

Vulnerable Systems

Operating System

  • Openbsd 3.3

  • Openbsd 3.4

Application

  • Xfree86 Project X11r6 4.1.0

  • Xfree86 Project X11r6 4.1.11

  • Xfree86 Project X11r6 4.1.12

  • Xfree86 Project X11r6 4.2.0

  • Xfree86 Project X11r6 4.2.1

  • Xfree86 Project X11r6 4.3.0


References

CERT-VN - VU#667502

BID - 9652

REDHAT - RHSA-2004:061

REDHAT - RHSA-2004:060

XF - xfree86-copyisolatin1lLowered-bo(15200)

SLACKWARE - SSA:2004-043

REDHAT - RHSA-2004:059

SUSE - SuSE-SA:2004:006

MISC - http://www.idefense.com/application/poi/display?id=73

DEBIAN - DSA-443

FEDORA - FLSA:2314

CONECTIVA - CLA-2004:821

MANDRAKE - MDKSA-2004:012

SUNALERT - 57768

BUGTRAQ - 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II


Last Updated: 27 May 2016 10:38:28