867 matches found
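X.Org DBE and Render Extensions Multiple Integer Overflow Vulnerabilities
X.Org is the X.Org Foundation's open-source implementation of the X Window System. The ProcRenderAddGlyphs function of the X.Org Render extension and the ProcDbeGetVisualInfo and ProcDbeSwapBuffers functions of the DBE extension do not properly validate user input, allowing an attacker to trigger integer overflows by sending crafted X requests to the X server; a local attacker may exploit this vulnerability to gain root privileges. X.org X11R6 6.9.0 X.org X11R7 7.1 X.org X11R7 7.0 Temporary workaround:...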
XFree86 security update
CentOS Errata and Security Advisory CESA-2007:0002 Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the...
security flaw
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability
Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. More...
iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability
Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability iDefense Security Advisory 01.09.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 09, 2007 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. Mor...
[SECURITY] Fedora Core 6 Update: xterm-223-1.fc6
The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly...
[SECURITY] Fedora Core 5 Update: xterm-223-1.fc5
The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly...
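X.Org LibX11 XKEYBOARD Extension Local Overflow Vulnerability
X.Org is the X.Org Foundation's open-source implementation of the X Window System. A buffer overflow vulnerability exists in the character control functions of the X11R6 X Window System library; a remote attacker may exploit this vulnerability to execute arbitrary instructions on the server. If the XKBCHARSET environment variable is set to a very long string and the DISPLAY environment variable is set to an X Window System server with the XKEYBOARD extension enabled, the vulnerability is triggered when the dynamic link library is called, leading to the execution of arbitrary instructions. The vulnerable function in X11R6.4: static int if NeedFunctionPrototypes Strcmpchar str1, char str2 else Strcmpstr1, str2 char str1...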
qt security update
CentOS Errata and Security Advisory CESA-2006:0725-01 Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...
Moderate: Red Hat Security Advisory: qt security update
Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications...
Debian DSA-1193-1 : xfree86 - several vulnerabilities
Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-3467 Chris Evan discovered an integer overflow in the code t...
DSA-1193-1 xfree86
Bulletin has no description...
CentOS 4 : xorg-x11 (CESA-2006:0665)
Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level...
RHEL 2.1 / 3 : XFree86 (RHSA-2006:0666)
Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core...
XFree86 security update
CentOS Errata and Security Advisory CESA-2006:0666-01 Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of...
X11R6 6.4 XKEYBOARD (SolarisSPARC) - Local Buffer Overflow (2)
X11R6 6.4 XKEYBOARD SolarisSPARC - Local Buffer Overflow 2 / $Id: raptorxkb.c,v 1.1 2006/09/13 16:18:36 raptor Exp $ raptorxkb.c - XKEYBOARD Strcmp, Solaris/SPARC 8/9/10 Copyright c 2006 Marco Ivaldi Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and...
X11R6 < 6.4 XKEYBOARD (Solaris/SPARC) - Local Buffer Overflow (2)
/ $Id: raptorxkb.c,v 1.1 2006/09/13 16:18:36 raptor Exp $ raptorxkb.c - XKEYBOARD Strcmp, Solaris/SPARC 8/9/10 Copyright c 2006 Marco Ivaldi Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8...
iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability
Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability iDefense Security Advisory 09.12.06 http://www.idefense.com/intelligence/vulnerabilities/ Sep 12, 2006 I. BACKGROUND The X Window System is a graphical windowing system based on a client/server model. More...
X11R6 6.4 XKEYBOARD (SolarisSPARC) - Local Buffer Overflow (1)
X11R6 6.4 XKEYBOARD SolarisSPARC - Local Buffer Overflow 1 / X11R6 XKEYBOARD extension Strcmp for Sun Solaris 8 9 10 SPARC Copyright 2006 RISE Security , Ramon de Carvalho Valle This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public Licen...
DEBIAN-CVE-2006-4447
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit...