Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2006-3739
Last Modified: 07 Mar 2011 09:39:22
Published: 12 Sep 2006 09:07:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2006-3739

Summary

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.

Vulnerable Systems

Application

  • X.org 6.8.2

  • Xfree86 Project Xfree86 X


References

REDHAT - RHSA-2006:0666

REDHAT - RHSA-2006:0665

IDEFENSE - 20060912 Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow Vulnerability

VUPEN - ADV-2007-1171

VUPEN - ADV-2007-0322

VUPEN - ADV-2006-3582

VUPEN - ADV-2006-3581

CONFIRM - https://issues.rpath.com/browse/RPL-614

XF - xorg-server-cidafm-overflow(28899)

CONFIRM - http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html

UBUNTU - USN-344-1

BID - 19974

BUGTRAQ - 20070330 VMSA-2007-0002 VMware ESX security updates

BUGTRAQ - 20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

SUSE - SUSE-SR:2006:023

MANDRIVA - MDKSA-2006:164

DEBIAN - DSA-1193

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm

SUNALERT - 102780

SUNALERT - 102714

SECTRACK - 1016828

GENTOO - GLSA-200609-07

SECUNIA - 24636

SECUNIA - 23899

SECUNIA - 23033

SECUNIA - 22560

SECUNIA - 22332

SECUNIA - 22141

SECUNIA - 22080

SECUNIA - 21924

SECUNIA - 21908

SECUNIA - 21904

SECUNIA - 21900

SECUNIA - 21894

SECUNIA - 21890

SECUNIA - 21889

SECUNIA - 21864


Last Updated: 27 May 2016 10:43:06