Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2007-1352 to a friend New vulnerability? New tool? Tell us	CVE-2007-1352 Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability     Credit: The information has been provided by Greg MacManus of iDefense Labs. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2007-1352 Details Check for CVE-2007-1352 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * in X.Org X11R7.1 Immune Systems:  * in X.Org X11R7.2 The vulnerability specifically exists in the parsing of the "fonts.dir" font information file. When the element count on the first line of the file specifies it contains more than 1,073,741,824 (2 to the power of 30) elements, a potentially exploitable heap overflow condition occurs. Analysis: Exploitation allows attackers to execute arbitrary code with elevated privileges. As the X11 server requires direct access to video hardware, it runs with elevated privileges. A user compromising an X server would gain those permissions. In order to exploit this vulnerability, an attacker would need to be able to cause the X server to use a maliciously constructed font. The X11 server contains multiple methods for a user to define additional paths to look for fonts. An exploit has been developed using the "-fp" command line option to the X11 server to pass the location of the attack to the server. It is also possible to use "xset" command with the "fp" option to perform an attack on an already running server. Some distributions allow users to start the X11 server only if they are logged on at the console, while others will allow any user to start it. Attempts at exploiting this vulnerability may put the console into an unusable state. This will not prevent repeated exploitation attempts. Workaround: iDefense is currently unaware of any effective workaround for this issue. Vendor response: The X.Org Foundation has addressed this vulnerability with source code patches. More information can be found from their advisory at the following URL. http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html CVE Information: CVE-2007-1352 Disclosure Timeline: 02/21/2007 - Initial vendor notification 02/21/2007 - Initial vendor response 04/03/2007 - Coordinated public disclosure  Comments on CVE-2007-1352:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®