Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4990

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-4990
Last Modified 07 Mar 2011 09:59:52
Published 05 Oct 2007 05:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4990

Summary

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Vulnerable Systems

Application

  • X.org X Font Server 1.0.4


References

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0149

VUPEN - ADV-2007-3467

VUPEN - ADV-2007-3338

VUPEN - ADV-2007-3337

MLIST - [xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server

IDEFENSE - 20071002 Multiple Vendor X Font Server Multiple Vulnerabilities

HP - SSRT071468

FEDORA - FEDORA-2007-4263

CONFIRM - https://issues.rpath.com/browse/RPL-1756

XF - xfs-queryxbitmaps-queryxextents-bo(36920)

SECTRACK - 1018763

BID - 25898

BUGTRAQ - 20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs

REDHAT - RHSA-2008:0030

REDHAT - RHSA-2008:0029

SUSE - SUSE-SA:2007:054

MANDRIVA - MDKSA-2007:210

SUNALERT - 200642

SUNALERT - 103114

GENTOO - GLSA-200710-11

SECUNIA - 29420

SECUNIA - 28542

SECUNIA - 28536

SECUNIA - 28514

SECUNIA - 28004

SECUNIA - 27560

SECUNIA - 27240

SECUNIA - 27228

SECUNIA - 27176

SECUNIA - 27060

SECUNIA - 27052

SECUNIA - 27040

APPLE - APPLE-SA-2008-03-18

HP - HPSBUX02303

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=194606

CONFIRM - http://bugs.freedesktop.org/show_bug.cgi?id=12299

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger Universal)

Novell SUSE 2007:4485 xorg-x11 security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:02