Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0914
Last Modified 21 Aug 2010 12:00:00
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

Summary

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Vulnerable Systems

Operating System

  • Gentoo Linux

  • Redhat Fedora Core 2.0

  • Redhat Fedora Core 3.0

  • Suse Linux 1.0

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

Application

  • Lesstif 0.93

  • Lesstif 0.93.12

  • Lesstif 0.93.18

  • Lesstif 0.93.34

  • Lesstif 0.93.36

  • Lesstif 0.93.40

  • Lesstif 0.93.91

  • Lesstif 0.93.94

  • Lesstif 0.93.96

  • X.org X11r6 6.7.0

  • X.org X11r6 6.8

  • X.org X11r6 6.8.1

  • Xfree86 Project X11r6 3.3

  • Xfree86 Project X11r6 3.3.2

  • Xfree86 Project X11r6 3.3.3

  • Xfree86 Project X11r6 3.3.4

  • Xfree86 Project X11r6 3.3.5

  • Xfree86 Project X11r6 3.3.6

  • Xfree86 Project X11r6 4.0

  • Xfree86 Project X11r6 4.0.1

  • Xfree86 Project X11r6 4.0.2.11

  • Xfree86 Project X11r6 4.0.3

  • Xfree86 Project X11r6 4.1.0

  • Xfree86 Project X11r6 4.1.11

  • Xfree86 Project X11r6 4.1.12

  • Xfree86 Project X11r6 4.2.0

  • Xfree86 Project X11r6 4.2.1

  • Xfree86 Project X11r6 4.3.0


References

BID - 11694

GENTOO - GLSA-200411-28

DEBIAN - DSA-607

XF - libxpm-dos(18147)

XF - libxpm-directory-traversal(18146)

XF - libxpm-command-execution(18145)

XF - libxpm-improper-memory-access(18144)

XF - libxpm-image-bo(18142)

HP - HPSBTU01228

CONFIRM - http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch

UBUNTU - USN-83-2

UBUNTU - USN-83-1

REDHAT - RHSA-2005:004

REDHAT - RHSA-2004:610

FEDORA - FLSA-2006:152803

MANDRAKE - MDKSA-2004:137

FEDORA - FEDORA-2004-433

GENTOO - GLSA-200502-07

GENTOO - GLSA-200502-06

SECUNIA - 13224

REDHAT - RHSA-2004:537


Last Updated: 27 May 2016 10:38:48