Lucene search

[email protected]CVE-2008-0006

HistoryJan 18, 2008 - 11:00 p.m.

CVE-2008-0006

2008-01-1823:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0006

buffer overflow

x.org xserver

libfont

arbitrary code execution

pcf font

nvd

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.459 Medium

EPSS

Percentile

97.4%

JSON

Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

CPENameOperatorVersion
x.org:xserverx.org xserverle1.4
sun:solaris_libxfontsun solaris libxfonteq*
sun:solaris_libfontsun solaris libfonteq*

CPE	Name	Operator	Version
x.org:xserver	x.org xserver	le	1.4
sun:solaris_libxfont	sun solaris libxfont	eq	*
sun:solaris_libfont	sun solaris libfont	eq	*

References

bugs.gentoo.org/show_bug.cgi?id=204362

docs.info.apple.com/article.html?artnum=307562

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

jvn.jp/en/jp/JVN88935101/index.html

jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

lists.freedesktop.org/archives/xorg/2008-January/031918.html

lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

secunia.com/advisories/28273

secunia.com/advisories/28500

secunia.com/advisories/28532

secunia.com/advisories/28535

secunia.com/advisories/28536

secunia.com/advisories/28540

secunia.com/advisories/28542

secunia.com/advisories/28544

secunia.com/advisories/28550

secunia.com/advisories/28571

secunia.com/advisories/28592

secunia.com/advisories/28621

secunia.com/advisories/28718

secunia.com/advisories/28843

secunia.com/advisories/28885

secunia.com/advisories/28941

secunia.com/advisories/29139

secunia.com/advisories/29420

secunia.com/advisories/29622

secunia.com/advisories/29707

secunia.com/advisories/30161

secunia.com/advisories/32545

security.gentoo.org/glsa/glsa-200801-09.xml

security.gentoo.org/glsa/glsa-200804-05.xml

securitytracker.com/id?1019232

sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1

sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1

support.avaya.com/elmodocs2/security/ASA-2008-038.htm

support.avaya.com/elmodocs2/security/ASA-2008-077.htm

www.gentoo.org/security/en/glsa/glsa-200805-07.xml

www.kb.cert.org/vuls/id/203220

www.mandriva.com/security/advisories?name=MDVSA-2008:021

www.mandriva.com/security/advisories?name=MDVSA-2008:022

www.mandriva.com/security/advisories?name=MDVSA-2008:024

www.openbsd.org/errata41.html#012_xorg

www.openbsd.org/errata42.html#006_xorg

www.redhat.com/support/errata/RHSA-2008-0029.html

www.redhat.com/support/errata/RHSA-2008-0030.html

www.redhat.com/support/errata/RHSA-2008-0064.html

www.securityfocus.com/archive/1/487335/100/0/threaded

www.securityfocus.com/bid/27336

www.securityfocus.com/bid/27352

www.vupen.com/english/advisories/2008/0179

www.vupen.com/english/advisories/2008/0184

www.vupen.com/english/advisories/2008/0497/references

www.vupen.com/english/advisories/2008/0703

www.vupen.com/english/advisories/2008/0924/references

www.vupen.com/english/advisories/2008/3000

www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities

bugzilla.redhat.com/show_bug.cgi?id=428044

exchange.xforce.ibmcloud.com/vulnerabilities/39767

issues.rpath.com/browse/RPL-2010

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021

usn.ubuntu.com/571-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html