The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 102803 Multiple Integer Overflow Vulnerabilities in the X Font Server (xfs(1)) and the X Render and DBE Extensions

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Multiple security vulnerabilities in the X Font Server (xfs(1)) and the X Render and DBE extensions, which are part of the X11 servers Xsun(1) and Xorg(1), may allow a local or remote unprivileged user to elevate their privileges to root and execute arbitrary code resulting in memory corruption or a Denial of Service (DoS) condition.

These issues are described in the following documents:

CVE-2003-0730 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0730

CVE-2006-6101 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101

CVE-2006-6102 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102

CVE-2006-6103 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103

iDefense Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463

iDefense Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464

iDefense Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465

Avoidance: Patch, Workaround
State: Resolved
First released: 13-Feb-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.