PT-2003-1120 · Xfree86+1 · Xterm+2

H D Moore

·

Published

2003-03-03

·

Updated

2023-07-27

·

CVE-2003-0071

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions XFree86-xf86cfg versions 4.1.0 through 4.2.1 XFree86-font-utils versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-tools versions 4.1.0 through 4.2.1-21 XFree86-devel versions 4.1.0 through 4.2.1-21 XFree86-75dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-cyrillic-fonts versions 4.1.0 through 4.2.1-21 XFree86-doc versions 4.1.0 through 4.2.1-21 XFree86-xdm versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-100dpi-fonts versions 4.1.0 through 4.2.1-21 XFree86-libs versions 4.1.0 through 4.2.1-21 XFree86-xfs versions 4.1.0 through 4.2.1-21 XFree86-Xnest versions 4.1.0 through 4.2.1-21 XFree86-twm versions 4.1.0 through 4.2.1-21 XFree86-Mesa-libGL versions 4.1.0 through 4.2.1-21 XFree86-Mesa-libGLU versions 4.1.0 through 4.2.1-21 XFree86-truetype-fonts versions 4.1.0 through 4.2.1-21 XFree86-base-fonts versions 4.1.0 through 4.2.1-21 XFree86-Xvfb versions 4.1.0 through 4.2.1-21 XFree86-xauth versions 4.1.0 through 4.2.1-21
Description The XFree86 package in Red Hat Linux contains multiple vulnerabilities that can be exploited remotely, leading to a violation of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited by attackers to cause a denial of service or potentially gain unauthorized access. The issue is related to the DEC UDK processing feature in the xterm terminal emulator, which allows attackers to cause the terminal to enter a tight loop using a certain character escape sequence.
Recommendations As a temporary workaround, consider disabling the xterm terminal emulator until a patch is available. Restrict access to the vulnerable XFree86 packages to minimize the risk of exploitation. Avoid using the xterm terminal emulator in the affected XFree86 versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

BDU:2015-08248
BDU:2015-08249
BDU:2015-08250
BDU:2015-08251
BDU:2015-08252
BDU:2015-08253
BDU:2015-08254
BDU:2015-08255
BDU:2015-08256
BDU:2015-08257
BDU:2015-08258
BDU:2015-08259
BDU:2015-08260
BDU:2015-08261
BDU:2015-08262
BDU:2015-08263
BDU:2015-08264
BDU:2015-08265
BDU:2015-08266
BDU:2015-08267
BDU:2015-08268
BDU:2015-08269
BDU:2015-08270
BDU:2015-08271
BDU:2015-08272
BDU:2015-08273
BDU:2015-08274
BDU:2015-08275
BDU:2015-08276
BDU:2015-08277
BDU:2015-08278
BDU:2015-08279
BDU:2015-08280
BDU:2015-08281
BDU:2015-08282
BDU:2015-08283
BDU:2015-08284
BDU:2015-08285
BDU:2015-08286
BDU:2015-08287
BDU:2015-08288
BDU:2015-08289
BDU:2015-08290
BDU:2015-08291
BDU:2015-08292
BDU:2015-08293
BDU:2015-08294
BDU:2015-08295
BDU:2015-08296
BDU:2015-08297
BDU:2015-08298
BDU:2015-08299
BDU:2015-08300
BDU:2015-08301
BDU:2015-08302
BDU:2015-08303
BDU:2015-08304
BDU:2015-08305
BDU:2015-08306
BDU:2015-08307
BDU:2015-08308
BDU:2015-08309
BDU:2015-08310
BDU:2015-08311
BDU:2015-08312
BDU:2015-08313
BDU:2015-08314
BDU:2015-08315
BDU:2015-08316
CVE-2003-0071
DSA-380

Affected Products

Red Hat
Xfree86
Xterm