Lucene search
K

3346 matches found

ubuntu
ubuntu
added 2007/01/09 6:47 p.m.69 views

USN-403-1: X.org vulnerabilities

The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges...

10CVSS8.8AI score0.0339EPSS
Exploits0
securityvulns
securityvulns
added 2007/01/09 12:0 a.m.52 views

[USN-403-1] X.org vulnerabilities

=========================================================== Ubuntu Security Notice USN-403-1 January 09, 2007 xorg, xorg-server vulnerabilities CVE-2006-6101, CVE-2006-6102, CVE-2006-6103 =========================================================== A security issue affects the following Ubuntu...

10CVSS0.1AI score0.0339EPSS
Exploits0
ubuntucve
ubuntucve
added 2006/12/31 5:0 a.m.36 views

CVE-2006-6103

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

6.6CVSS7.6AI score0.00379EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2006/12/31 5:0 a.m.31 views

CVE-2006-6102

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

10CVSS7.6AI score0.0339EPSS
Exploits0References2
osv
osv
added 2006/12/31 5:0 a.m.8 views

CVE-2006-6101

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...

7.3AI score
Exploits0References42
nvd
nvd
added 2006/12/31 5:0 a.m.16 views

CVE-2006-6103

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

6.6CVSS7.3AI score0.00379EPSS
Exploits0References40
nvd
nvd
added 2006/12/31 5:0 a.m.16 views

CVE-2006-6102

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

10CVSS7.3AI score0.0339EPSS
Exploits0References40
osv
osv
added 2006/12/31 5:0 a.m.7 views

CVE-2006-6102

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

7.3AI score
Exploits0References41
ubuntucve
ubuntucve
added 2006/12/31 5:0 a.m.27 views

CVE-2006-6101

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...

6.6CVSS7.6AI score0.00379EPSS
Exploits0References2
nvd
nvd
added 2006/12/31 5:0 a.m.23 views

CVE-2006-6101

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...

6.6CVSS7.3AI score0.00379EPSS
Exploits0References40
osv
osv
added 2006/12/31 5:0 a.m.10 views

CVE-2006-6103

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

7.3AI score
Exploits0References42
seebug
seebug
added 2006/11/07 12:0 a.m.18 views

X.Org LibXfont CID字体文件多个整数溢出漏洞

X.Org是X.Org Foundation对X窗口系统的开源实现。 X.Org和XFree86 X server在解析type1模块中的CID编码的Type1字体时缺少验证,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 具体来讲,scancidfont函数在处理CMap和CIDFont字体数据时存在整数溢出漏洞;CIDAFM函数在处理AFM(Adobe Font Metrics)文件时也存在整数溢出漏洞。攻击者可以利用这些漏洞以root权限执行任意指令。 RedHat Linux WS 4 RedHat Linux ES 4 RedHat Linux Desktop 4 RedH...

7.1AI score
Exploits0
seebug
seebug
added 2006/11/07 12:0 a.m.21 views

X.Org LibX11 XKEYBOARD扩展本地溢出漏洞

X.Org是X.Org Foundation对X窗口系统的开源实现。 X11R6 X窗口系统库的字符控制函数中存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 如果将XKBCHARSET环境变量设置为很长的字符串并将DISPLAY环境变量设置为启用了XKEYBOARD扩展的X窗口系统服务器的话,则调用动态连接库时就会触发这个漏洞,导致执行任意指令。 X11R6.4中有漏洞的函数: static int if NeedFunctionPrototypes Strcmpchar str1, char str2 else Strcmpstr1, str2 char str1...

7.1AI score
Exploits0
ubuntucve
ubuntucve
added 2006/11/03 12:7 a.m.38 views

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

2.1CVSS5.9AI score0.00355EPSS
Exploits0References1
nvd
nvd
added 2006/11/03 12:7 a.m.22 views

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

2.1CVSS6.1AI score0.00355EPSS
Exploits0References8
cve
cve
added 2006/11/03 12:0 a.m.58 views

CVE-2006-5397

The CVE-2006-5397 issue affects X.Org libX11 1.0.2 and 1.0.3, specifically the Xinput module (modules/im/ximcp/imLcIm.c). The root cause is that the code opens a file for reading twice using the same file descriptor, causing a file descriptor leak. This leak allows local users to read files speci...

2.1CVSS6.1AI score0.00355EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2006/11/03 12:0 a.m.26 views

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

6.1AI score0.00355EPSS
Exploits0References8
debiancve
debiancve
added 2006/11/03 12:0 a.m.45 views

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

2.1CVSS6AI score0.00355EPSS
Exploits0
cert
cert
added 2006/10/25 12:0 a.m.31 views

X.Org fails to check for setuid failure on Linux systems

Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...

7.2CVSS7.3AI score0.00434EPSS
Exploits0References8
seebug
seebug
added 2006/10/25 12:0 a.m.30 views

X.Org多个setuid调用返回检查本地权限提升漏洞

X.Org是X.Org Foundation对X窗口系统的开源实现。 X.Org在处理权限放弃操作时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 X.Org没有检查setuid或类似的调用是否成功。如果由于“maximum processes”ulimit的限制导致调用失败的话,就会导致进程以root用户权限执行某些特权操作(文件访问)。 X.org X.org 6.7.0 - 7.1 Gentoo已经为此发布了一个安全公告(GLSA-200608-25)以及相应补丁: GLSA-200608-25:X.org and some X.org libraries: Local...

7.1AI score
Exploits0
Rows per page
Query Builder