PT-2007-7518 · Xfree86+2 · Xfree86+3
Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2008-2361
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
XFree86-twm version 4.3.0
XFree86-devel version 4.3.0
XFree86-font-utils version 4.3.0
XFree86-ISO8859-9-75dpi-fonts version 4.3.0
XFree86-cyrillic-fonts version 4.3.0
xorg-x11-server-sdk version 1.1.1
XFree86-ISO8859-14-75dpi-fonts version 4.3.0
XFree86-ISO8859-9-100dpi-fonts version 4.3.0
XFree86-libs version 4.3.0
XFree86-tools version 4.3.0
xorg-x11-server-Xnest version 1.1.1
xorg-server versions prior to 1.3.0.0-r6
XFree86-syriac-fonts version 4.3.0
xorg-x11-server-Xdmx version 1.1.1
XFree86-75dpi-fonts version 4.3.0
XFree86-ISO8859-15-100dpi-fonts version 4.3.0
XFree86-base-fonts version 4.3.0
XFree86-doc version 4.3.0
XFree86-ISO8859-15-75dpi-fonts version 4.3.0
XFree86-xauth version 4.3.0
xorg-x11-Xvfb (affected versions not specified)
xorg-x11-server-Xorg version 1.1.1
xorg-x11-server version 1.1.1
xorg-x11-server-Xephyr version 1.1.1
XFree86-ISO8859-2-100dpi-fonts version 4.3.0
xorg-x11-Xvnc (affected versions not specified)
XFree86-xdm version 4.3.0
xorg-x11-server-Xvfb version 1.1.1
xorg-x11-server (affected versions not specified)
XFree86-xfs version 4.3.0
xorg-x11-server-randr-source version 1.1.1
XFree86-Xvfb version 4.3.0
XFree86-Mesa-libGL version 4.3.0
XFree86-libs-data version 4.3.0
XFree86-ISO8859-2-75dpi-fonts version 4.3.0
XFree86-ISO8859-14-100dpi-fonts version 4.3.0
XFree86 version 4.3.0
XFree86-Xnest version 4.3.0
XFree86-Mesa-libGLU version 4.3.0
XFree86-sdk version 4.3.0
Description
Multiple vulnerabilities affect various packages of the XFree86 and xorg-x11-server software and can compromise the confidentiality, integrity, and availability of protected information. They can be exploited remotely. The cause is an integer overflow in the ProcRenderCreateCursor function in the Render extension of the X server: context-dependent attackers can cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.
Recommendations
For XFree86-twm version 4.3.0, update to a fixed version or apply available patches.
For XFree86-devel version 4.3.0, update to a fixed version or apply available patches.
For XFree86-font-utils version 4.3.0, update to a fixed version or apply available patches.
For XFree86-ISO8859-9-75dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-cyrillic-fonts version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-server-sdk version 1.1.1, update to a fixed version or apply available patches.
For XFree86-ISO8859-14-75dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-ISO8859-9-100dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-libs version 4.3.0, update to a fixed version or apply available patches.
For XFree86-tools version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-server-Xnest version 1.1.1, update to a fixed version or apply available patches.
For xorg-server versions prior to 1.3.0.0-r6, update to version 1.3.0.0-r6 or later.
For XFree86-syriac-fonts version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-server-Xdmx version 1.1.1, update to a fixed version or apply available patches.
For XFree86-75dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-ISO8859-15-100dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-base-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-doc version 4.3.0, update to a fixed version or apply available patches.
For XFree86-ISO8859-15-75dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-xauth version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-Xvfb, update to a fixed version or apply available patches.
For xorg-x11-server-Xorg version 1.1.1, update to a fixed version or apply available patches.
For xorg-x11-server version 1.1.1, update to a fixed version or apply available patches.
For xorg-x11-server-Xephyr version 1.1.1, update to a fixed version or apply available patches.
For XFree86-ISO8859-2-100dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-Xvnc, update to a fixed version or apply available patches.
For XFree86-xdm version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-server-Xvfb version 1.1.1, update to a fixed version or apply available patches.
For xorg-x11-server, update to a fixed version or apply available patches.
For XFree86-xfs version 4.3.0, update to a fixed version or apply available patches.
For xorg-x11-server-randr-source version 1.1.1, update to a fixed version or apply available patches.
For XFree86-Xvfb version 4.3.0, update to a fixed version or apply available patches.
For XFree86-Mesa-libGL version 4.3.0, update to a fixed version or apply available patches.
For XFree86-libs-data version 4.3.0, update to a fixed version or apply available patches.
For XFree86-ISO8859-2-75dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86-ISO8859-14-100dpi-fonts version 4.3.0, update to a fixed version or apply available patches.
For XFree86 version 4.3.0, update to a fixed version or apply available patches.
For XFree86-Xnest version 4.3.0, update to a fixed version or apply available patches.
For XFree86-Mesa-libGLU version 4.3.0, update to a fixed version or apply available patches.
For XFree86-sdk version 4.3.0, update to a fixed version or apply available patches.
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Xfree86
Xorg-Server
Xorg-X11-Server