Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200609-07
HistorySep 13, 2006 - 12:00 a.m.

LibXfont, monolithic X.org: Multiple integer overflows

2006-09-1300:00:00
Gentoo Foundation
security.gentoo.org
21

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

29.0%

JSON

Background

libXfont is the X.Org Xfont library, some parts are based on the FreeType code base.

Description

Several integer overflows have been found in the CID font parser.

Impact

A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the execution of arbitrary code with the permissions of the user running the X server which typically is the root user. A local user could exploit this vulnerability to gain elevated privileges.

Workaround

Disable CID-encoded Type 1 fonts by removing the “type1” module and replacing it with the “freetype” module in xorg.conf.

Resolution

All libXfont users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.1"

All monolithic X.org users are advised to migrate to modular X.org.

OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-libs/libxfont< 1.2.1UNKNOWN
Gentooanyallx11-base/xorg-x11< 7.0UNKNOWN

Related

nessus 31
centos 3
openvas 9
redhat 2
slackware 1
ubuntu 1
oraclelinux 1
osv 1
debian 1
debiancve 2
cvelist 2
cve 2
nvd 2
securityvulns 1
ubuntucve 2
nessus
nessus
CentOS 3 : XFree86 (CESA-2006:0666)
2006-09-14 00:00:00
RHEL 2.1 / 3 : XFree86 (RHSA-2006:0666)
2006-09-14 00:00:00
Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerabilities (USN-344-1)
2007-11-10 00:00:00
centos
centos
xorg security update
2006-09-12 19:13:12
XFree86 security update
2006-09-13 01:55:44
XFree86 security update
2006-09-12 18:53:15
openvas
openvas
SLES9: Security update for XFree86-server
2009-10-10 00:00:00
Slackware Advisory SSA:2006-259-01 x11
2012-09-11 00:00:00
Gentoo Security Advisory GLSA 200609-07 (libxfont)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2006:0666) XFree86 security update
2006-09-12 00:00:00
(RHSA-2006:0665) xorg-x11 security update
2006-09-12 00:00:00
slackware
slackware
[slackware-security] x11
2006-09-17 05:14:08
ubuntu
ubuntu
X.org vulnerabilities
2006-09-13 00:00:00
oraclelinux
oraclelinux
Important xorg-x11 security update
2006-11-30 00:00:00
osv
osv
xfree86
2006-10-09 00:00:00
debian
debian
[SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities
2006-10-09 16:58:41
debiancve
debiancve
CVE-2006-3740
2006-09-13 01:07:00
CVE-2006-3739
2006-09-13 01:07:00
cvelist
cvelist
CVE-2006-3739
2006-09-13 01:00:00
CVE-2006-3740
2006-09-13 01:00:00
cve
cve
CVE-2006-3739
2006-09-13 01:07:00
CVE-2006-3740
2006-09-13 01:07:00
nvd
nvd
CVE-2006-3740
2006-09-13 01:07:00
CVE-2006-3739
2006-09-13 01:07:00
securityvulns
securityvulns
iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts &#39;scan_cidfont&#40;&#41;&#39; Integer Overflow Vulnerability
2006-09-13 00:00:00
ubuntucve
ubuntucve
CVE-2006-3740
2006-09-13 00:00:00
CVE-2006-3739
2006-09-13 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

29.0%

JSON
Related for GLSA-200609-07
nessus31centos3openvas9redhat2slackware1ubuntu1oraclelinux1osv1debian1debiancve2cvelist2cve2nvd2securityvulns1ubuntucve2