From 42fb7de6ca3362178aae22c870fd4abec61d46a1 Mon Sep 17 00:00:00 2001 From: flz Date: Mon, 8 Oct 2007 12:05:08 +0000 Subject: Document xfs -- multiple vulnerabilities. --- security/vuxml/vuln.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7ab94ca9102b..786cc3947559 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> + + xfs -- multiple vulnerabilites + + + xfs + 1.0.5,1 + + + + +

Matthieu Herrb reports:

+
+

Problem Description:

+

Several vulnerabilities have been identified in xfs, the X font + server. The QueryXBitmaps and QueryXExtents protocol requests + suffer from lack of validation of their 'length' parameters.

+

Impact:

+

On most modern systems, the font server is accessible only for + local clients and runs with reduced privileges, but on some + systems it may still be accessible from remote clients and + possibly running with root privileges, creating an opportunity + for remote privilege escalation.

+
+ +
+ + CVE-2007-4568 + http://lists.freedesktop.org/archives/xorg/2007-October/028899.html + + + 2007-10-02 + 2007-10-08 + +
+ tcl/tk -- buffer overflow in ReadImage function -- cgit
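Review bot: The added topic line is misspelled: it reads "xfs -- multiple vulnerabilites", while the commit subject spells it "vulnerabilities". Please correct the topic so that searches on the entry title match. Separately, the topic and description speak of several vulnerabilities (the QueryXBitmaps and QueryXExtents 'length' checks), but the references carry a single CVE name, CVE-2007-4568. If the linked freedesktop.org advisory assigns more than one identifier, add the others to the references. It is also worth confirming that the range around 1.0.5,1 marks the first fixed package version.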