Rapid7 Vulnerability & Exploit Database

SUSE-SA:2004:006: xf86/XFree86

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2004:006: xf86/XFree86

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

02/23/2004

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

Solution(s)

References

https://attackerkb.com/topics/cve-2004-0083
9636
9652
667502
820006
CLA-2004:821
CVE - 2004-0083
CVE - 2004-0084
CVE - 2004-0106
DSA-443
MDKSA-2004:012
OVAL10405
OVAL11111
OVAL806
OVAL807
OVAL809
OVAL830
OVAL831
OVAL832
OVAL9612
RHSA-2004:059
RHSA-2004:060
RHSA-2004:061
SuSE-SA:2004:006
http://marc.theaimsgroup.com/?l=bugtraq&m=107644835523678&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=107653324115914&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=107662833512775&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:806
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:807
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:809
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:830
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:831
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:832
http://security.gentoo.org/glsa/glsa-200402-02.xml
http://www.idefense.com/application/poi/display?id=72
http://www.idefense.com/application/poi/display?id=73
http://www.novell.com/linux/security/advisories/2004_06_xf86.html
http://www.redhat.com/support/errata/RHSA-2004-060.html
http://www.redhat.com/support/errata/RHSA-2004-061.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
http://www.xfree86.org/cvs/changes
http://xforce.iss.net/xforce/xfdb/15130
http://xforce.iss.net/xforce/xfdb/15200
http://xforce.iss.net/xforce/xfdb/15206
15130
15200
15206

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;