Information Security


Multiple vulnerabilities in the X.Org X11 server
Published: April 4, 2007
Source:
SecurityVulns ID: 7531
Type: local
Severity: 7/10
Description: Multiple integer overflows and memory corruptions.
Affected products: TIGHTVNC : tightvnc 1.2
 FREETYPE : freetype 2.2
 XORG : X11 7.1
CVE: CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.)
 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.)
 CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.)
 CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.)
Original text: IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability (04.04.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability (04.04.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability (04.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod