XFree86 font.alias file buffer overflow

xfree86-fontalias-bo (15130)

High Risk

Description:

XFree86 is vulnerable to a buffer overflow in the font.alias file, caused by improper bounds checking of user-supplied input. A local attacker could create a specially-crafted font.alias file to overflow a buffer and execute arbitrary code on the system.

Consequences:

Gain Privileges

Remedy:

Apply the patch for this vulnerability, available from the iDEFENSE Security Advisory 02.10.04. See References.

For Gentoo Linux:
Upgrade to the latest version of Xfree (4.2.1-r3 or 4.3.0-r4 or 4.3.99.902-r1 later), as listed in Gentoo Linux Security Announcement 200402-02. See References.

For Slackware Linux:
Upgrade to the latest xfree86 package, as listed below. Refer to slackware-security Mailing List, Thu, 12 Feb 2004 12:19:25 -0800 (PST) for more information. See References.

Slackware Linux 8.1: 4.2.1-i386-3 or later
Slackware Linux 9.0: 4.3.0-i386-3 or later
Slackware Linux 9.1 and -current: 4.3.0-i486-6 or later

For Red Hat Linux 9:
Upgrade to the latest XFree86 Package (4.3.0-2.90.55 or later), as listed in RHSA-2004:059-19. See References.

For Red Hat Linux containing XFree86 package:
Upgrade to the latest XFree86 package, as listed below. Refer to RHSA-2004:060-16 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v.2.1), WS (v. 2.1), and Advanced Workstation for the Itanium Processor: 4.1.0-56 or later

For Red Hat Linux:
Upgrade to the latest XFree86 package, as listed below. Refer to RHSA-2004:061-29 for more information. See References.

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), and WS (v. 3): 4.3.0-55 or later

For Immunix 7.3:
Upgrade to the latest version of XFree86 (4.2.1-13.73.23_imnx_2 or later), as listed in Immunix Secured OS Security Advisory IMNX-2004-73-002-01. See References.

For Turbolinux:
Upgrade to the latest XFree86 package, as listed below. Refer to Turbolinux Security Advisory TLSA-2004-5 for more information. See References.

Turbolinux 10 Desktop: 4.3.0-49 or later
Turbolinux 8 Server and Workstation: 4.2.0-28 or later
Turbolinux 7 Server and Workstation: 4.1.0-39 or later

For Mandrake Linux:
Upgrade to the latest XFree86 package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:012 : XFree86 for more information. See References.

Mandrake Linux 9.0: 4.2.1-3.5.90mdk or later
Mandrake Linux 9.1: 4.3-8.7.91mdk or later
Mandrake Linux 9.2: 4.3-24.4.92mdk or later
Mandrake Linux Corporate Server 2.1: 4.2.1-6.9.C21mdk or later

For SuSE Linux:
Upgrade to the latest XFree86 package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2004:006 for more information. See References.

SuSE Linux 9.0 (Intel): 4.3.0.1-46 or later
SuSE Linux 8.2: 4.3.0-120 or later
SuSE Linux 8.1: 4.2.0-257 or later
SuSE Linux 8.0: 4.2.0-257 or later
SuSE 9.0 (x86_64): 4.3.0.1-52

For Conectiva Linux:
Upgrade to the latest XFree86 package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:821 for more information. See References.

Conectiva Linux 8: 4.2.0-21U80_6cl or later
Conectiva Linux 9: 4.3.0-28972U90_5cl or later

For SCO UnixWare 7.1.3 / Open UNIX 8.0.0, OpenServer 5.0.6, and OpenServer 5.0.7:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2004.2, SCOSA-2004.3. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• BugTraq Mailing List, Fri Jul 30 2004 - 15:27:24 CDT: Fri Jul 30 2004 - 15:27:24 CDT.
• CIAC Information Bulletin O-081: Red Hat Updated XFree86 Packages Fix Privilege Escalation Vulnerability.
• Conectiva Linux Security Announcement CLSA-2004:821: XFree86.
• Gentoo Linux Security Announcement 200402-02: XFree86 Font Information File Buffer Overflow. (From LinuxSecurity archive)
• iDEFENSE Security Advisory 02.10.04:: XFree86 Font Information File Buffer Overflow .
• Immunix Secured OS Security Advisory IMNX-2004-73-002-01: XFree86. (From LinuxSecurity archive)
• SCO Security Advisory SCOSA-2004.2: Xsco contains a buffer overflow that could be exploited to gain root privileges.
• SCO Security Advisory SCOSA-2004.3: Xsco contains a buffer overflow that could be exploited to gain root privileges.
• slackware-security Mailing List, Thu, 12 Feb 2004 12:19:25 -0800 (PST): XFree86 security update (SSA:2004-043-02).
• Sun Security Alert ID: 57768: Multiple Security Vulnerabilities in Xsun and Xprt Server Font Handling.
• BID-9636: XFree86 Font Information File Buffer Overflow Vulnerability
• CVE-2004-0083: Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
• DSA-443: xfree86 -- several vulnerabilities
• GLSA-200402-02: XFree86 Font Information File Buffer Overflow
• MDKSA-2004:012: Updated XFree86 packages fix buffer overflow vulnerabilities
• RHSA-2004-059: Updated XFree86 packages fix privilege escalation vulnerability
• RHSA-2004-060: XFree86 security update
• RHSA-2004-061: XFree86 security update
• SUSE-SA:2004:006: xf86/XFree86: local privilege escalation

Platforms Affected:

• Conectiva Linux 8.0
• Conectiva Linux 9.0
• Debian Debian Linux 3.0
• Gentoo Linux
• Immunix Immunix OS 7.3
• MandrakeSoft Mandrake Linux 9.0
• MandrakeSoft Mandrake Linux 9.1
• MandrakeSoft Mandrake Linux 9.1 PPC
• MandrakeSoft Mandrake Linux 9.2
• MandrakeSoft Mandrake Linux 9.2 AMD64
• MandrakeSoft Mandrake Linux Corporate Server 2.1
• MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
• Novell SuSE Linux Enterprise Server 7.0
• RedHat Enterprise Linux 2.1 ES
• RedHat Enterprise Linux 2.1 WS
• RedHat Enterprise Linux 2.1 AS
• RedHat Enterprise Linux 2.1 AW
• RedHat Enterprise Linux 3 AS
• RedHat Enterprise Linux 3 ES
• RedHat Enterprise Linux 3 WS
• RedHat Linux 9.0
• RedHat Linux Advanced Workstation 2.1 Itanium
• SCO Caldera OpenUnix 8.0.0
• SCO Caldera UnixWare 7.1.3
• SCO SCO OpenServer 5.0.6
• SCO SCO OpenServer 5.0.7
• SCO SCO UnixWare 7.1.3up
• Slackware Slackware Linux 8.1
• Slackware Slackware Linux 9.0
• Slackware Slackware Linux 9.1
• Slackware Slackware Linux current
• SuSE Linux Enterprise Server 8
• SuSE SuSE eMail Server 3.1
• SuSE SuSE eMail Server III
• SUSE SuSE Linux 8.0
• SUSE SuSE Linux 8.1
• SUSE SuSE Linux 8.2
• SUSE SuSE Linux 9.0
• SuSE SuSE Linux Connectivity Server
• SuSE SuSE Linux Database Server
• SuSE SuSE Linux Firewall
• SuSE SuSE Linux Office Server
• Turbolinux Turbolinux 10 Desktop
• Turbolinux Turbolinux 7 Server
• Turbolinux Turbolinux 7 Workstation
• Turbolinux Turbolinux 8 Server
• Turbolinux Turbolinux 8 Workstation
• XFree86 XFree86 4.1.0 - 4.3.0

Reported:

Feb 10, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page