Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.6
CVE Id CVE-2012-1699
Last Modified 05 Dec 2013 12:12:25
Published 21 Dec 2012 12:46:15
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-1699

Summary

The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

Vulnerable Systems

Application

  • X.org X11 6.0

  • X.org X11 6.1

  • X.org X11 6.3

  • X.org X11 6.4

  • X.org X11 6.5.1

  • X.org X11 6.6

  • Xfree86 3.3.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=842841

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of

MISC - http://twitter.com/bsdaemon/status/228958599790071809

MLIST - [xorg-announce] 20120724 X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86 3.3.3

MISC - http://invisible-island.net/ansification/ansify-xfs-cve.html

HP - HPSBUX02829

HP - SSRT100883

Related Patches

SUN113923-06 Solaris 9 SPARC: X11 6.6.1: security font server patch


Last Updated: 27 May 2016 10:53:46