Sun Alert 102886 Multiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)

Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Multiple security vulnerabilities exist in the X11 FreeType library and  X11 display servers Xsun(1) and Xorg(1).

The XC-MISC extension is used by the X11 display servers to manage resource IDs. A local or remote unprivileged user who is able to display data on a running X11 server instance may be able to elevate their privileges to root and execute arbitrary code or cause a Denial of Service (DOS) to that X11 server instance resulting from memory corruption in ProxXCMiscGetXIDList.

This issue is described in the following documents:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003

http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

The X11 display servers contain a flaw that may allow a local or remote unprivileged user who is able to display data on a running X11 server instance to elevate their privileges to root and execute arbitrary code or cause a Denial of Service (DOS) to that X11 server instance when a BDF font file specifies that there are more then 2\^30 characters defined in the font file.

This issue is described in the following documents:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351

http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

The X11 Free Type library and X11 display servers contain a flaw that may allow a local or remote unprivileged user who is able to display data on a running X11 server instance to elevate their privileges to root and execute arbitrary code or cause a Denial of Service (DOS) to that X11 server instance by causing the server to load a long path name in the fonts.dir file for a font.

This issue is described in the following documents:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352

http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html

Avoidance: Patch
State: Resolved
First released: 25-Apr-2007
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today