3346 matches found
USN-403-1: X.org vulnerabilities
The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges...
[USN-403-1] X.org vulnerabilities
=========================================================== Ubuntu Security Notice USN-403-1 January 09, 2007 xorg, xorg-server vulnerabilities CVE-2006-6101, CVE-2006-6102, CVE-2006-6103 =========================================================== A security issue affects the following Ubuntu...
CVE-2006-6103
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
CVE-2006-6102
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
CVE-2006-6101
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...
CVE-2006-6103
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
CVE-2006-6102
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
CVE-2006-6102
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
CVE-2006-6101
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...
CVE-2006-6101
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...
CVE-2006-6103
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...
X.Org LibXfont CID字体文件多个整数溢出漏洞
X.Org是X.Org Foundation对X窗口系统的开源实现。 X.Org和XFree86 X server在解析type1模块中的CID编码的Type1字体时缺少验证,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 具体来讲,scancidfont函数在处理CMap和CIDFont字体数据时存在整数溢出漏洞;CIDAFM函数在处理AFM(Adobe Font Metrics)文件时也存在整数溢出漏洞。攻击者可以利用这些漏洞以root权限执行任意指令。 RedHat Linux WS 4 RedHat Linux ES 4 RedHat Linux Desktop 4 RedH...
X.Org LibX11 XKEYBOARD扩展本地溢出漏洞
X.Org是X.Org Foundation对X窗口系统的开源实现。 X11R6 X窗口系统库的字符控制函数中存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 如果将XKBCHARSET环境变量设置为很长的字符串并将DISPLAY环境变量设置为启用了XKEYBOARD扩展的X窗口系统服务器的话,则调用动态连接库时就会触发这个漏洞,导致执行任意指令。 X11R6.4中有漏洞的函数: static int if NeedFunctionPrototypes Strcmpchar str1, char str2 else Strcmpstr1, str2 char str1...
CVE-2006-5397
The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...
CVE-2006-5397
The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...
CVE-2006-5397
The CVE-2006-5397 issue affects X.Org libX11 1.0.2 and 1.0.3, specifically the Xinput module (modules/im/ximcp/imLcIm.c). The root cause is that the code opens a file for reading twice using the same file descriptor, causing a file descriptor leak. This leak allows local users to read files speci...
CVE-2006-5397
The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...
CVE-2006-5397
The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...
X.Org fails to check for setuid failure on Linux systems
Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...
X.Org多个setuid调用返回检查本地权限提升漏洞
X.Org是X.Org Foundation对X窗口系统的开源实现。 X.Org在处理权限放弃操作时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 X.Org没有检查setuid或类似的调用是否成功。如果由于“maximum processes”ulimit的限制导致调用失败的话,就会导致进程以root用户权限执行某些特权操作(文件访问)。 X.org X.org 6.7.0 - 7.1 Gentoo已经为此发布了一个安全公告(GLSA-200608-25)以及相应补丁: GLSA-200608-25:X.org and some X.org libraries: Local...