Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2007-4568 to a friend New vulnerability? New tool? Tell us	CVE-2007-4568 Multiple Vendor X Font Server Multiple Vulnerabilities     Credit: The information has been provided by iDefense. The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2007-4568 Details Check for CVE-2007-4568 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * XFS version X11R7.2-1.0.4 (Previous versions may also be affected) An integer overflow vulnerability exists within the handlers for the QueryXBitmaps and QueryXExtents protocol requests. Both requests result in a call to the build_range() function. This function takes a 32bit integer from the request, and uses it in an arithmetic operation that calculates the size of a dynamic buffer. This calculation can overflow, which leads to an improperly sized memory allocation. This results in a heap overflow. Additionally, a heap corruption vulnerability exists within the handlers for the QueryXBitmaps and QueryXExtents protocol requests. Both requests result in a call to the swap_char2b() function. This function takes a 32bit integer from the request, and uses it as the number of bytes to swap in the request buffer. This allows an attacker to swap an arbitrary number of bytes on the heap. Exploitation of these vulnerabilities could result in the execution of arbitrary code with the privileges of the X Font Server, usually 'xfs'. On current versions of Solaris, these vulnerabilities are remotely exploitable. The XFS service is turned on by default, and listens on TCP port 7100. On modern Linux systems, these vulnerabilities are only locally exploitable since the server is configured to listen on a UNIX socket only. Workaround: On Solaris, stop XFS from listening remotely by disabling it via the service manager. Vendor Status: The X.Org team has addressed these vulnerabilities with the release of XFS version 1.0.5. Additionally, a patch for version 1.0.4 has been made available. For more information, consult the X.Org advisory at the following URL: http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html CVE Information: CVE-2007-4568 Disclosure Timeline:  * 09/05/2007 - Initial vendor notification  * 09/08/2007 - Initial vendor response  * 10/02/2007 - Coordinated public disclosure  Comments on CVE-2007-4568:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®