10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.121 Low
EPSS
Percentile
95.4%
XFree86 contains a vulnerability in the parsing of the ‘fonts.alias’ file, which could be exploited by a local user to execute arbitrary code with elevated privileges.
XFree86 contains a flaw during the processing of the ‘fonts.alias’ file. XFree86 is an implementation of the X Window System. The ‘fonts.alias’ file is used to map new names to existing fonts and must be placed in any directory of the font-path. When reading user input from the file it stores the user supplied data for the font name in a fixed-length buffer. It fails to check the length of the user input, leading to a buffer overflow condition
A local authenticated user may craft a ‘fonts.alias’ file to exploit this buffer overflow vulnerability, leading to execution of arbitrary code with root privileges. The local user must have privileges to write to one of the directories in the font-path to exploit this vulnerability.
Upgrade or Patch
This issue is resolved in XFree86 4.3.0.2. Upgrade or apply patches as specified by your vendor.
667502
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 17, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see IBM Support Document IY53508
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Notified: August 23, 2004 Updated: August 26, 2004
Affected
MDKSA-2004:012 fixes both of these vulnerabilities.
The vendor has not provided us with any further information regarding this vulnerability.
The MDKSA-2004:012 advisory refers to both this vulnerability and VU#820006
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see CLSA-2004:821
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see RHSA-2004-059, RHSA-2004-060, and RHSA-2004-061
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see SCOSA-2004.2
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see SGI Advanced Linux Environment security update #12
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: October 26, 2005
Affected
Sun confirms that the XFree86 vulnerabilities described in CERT Vulnerability Notes VU#667502 and VU#820006 affect the following versions of Solaris:
Solaris 7, 8, and 9
Solaris 10 is not impacted by these vulnerabilities. Sun has released Sun Alert 57768 which describes the Solaris specific impact, contributing factors, workaround options, and resolution. The Sun Alert is available here:
<http://sunsolve.Sun.COM/search/document.do?assetkey=1-26-57768-1>
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see TLSA-2004-5
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
Updated: December 07, 2004
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
We have no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23667502 Feedback>).
View all 33 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Greg MacManus.
This document was written by Will Dormann.
CVE IDs: | CVE-2004-0084 |
---|---|
Severity Metric: | 9.62 Date Public: |