Rapid7 Vulnerability & Exploit Database

SUSE-SA:2007:054: Xorg

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SUSE-SA:2007:054: Xorg

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

10/12/2007

Created

07/25/2018

Added

11/26/2007

Modified

11/18/2015

Description

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Solution(s)

References

https://attackerkb.com/topics/cve-2007-4568
APPLE-SA-2008-02-11
APPLE-SA-2008-03-18
25606
25898
TA08-043B
CVE - 2007-4568
CVE - 2007-4730
CVE - 2007-4990
DSA-1372
DSA-1385
37726
OVAL10430
OVAL10882
OVAL11599
RHSA-2007:0898
RHSA-2008:0029
RHSA-2008:0030
SUSE-SA:2007:054
http://bugs.freedesktop.org/show_bug.cgi?id=12299
http://bugs.freedesktop.org/show_bug.cgi?id=7447
http://bugs.gentoo.org/show_bug.cgi?id=191964
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html
http://support.avaya.com/elmodocs2/security/ASA-2007-394.htm
http://www.debian.org/security/2007/dsa-1372
http://www.frsirt.com/english/advisories/2007/3337
http://www.frsirt.com/english/advisories/2007/3338
http://www.frsirt.com/english/advisories/2007/3467
http://www.frsirt.com/english/advisories/2008/0149
http://www.frsirt.com/english/advisories/2008/0924/references
http://www.mandriva.com/security/advisories?name=MDKSA-2007:178
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
http://www.securityfocus.com/archive/1/archive/1/481432/100/0/threaded
http://www.ubuntu.com/usn/usn-514-1
https://issues.rpath.com/browse/RPL-1728
https://issues.rpath.com/browse/RPL-1756
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
36535
36919
36920

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;