Vulnerability Bulletins

int(3729)

Vulnerability Bulletins

Desbordamiento de búfer en Xorg
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Experto
Required attacker level	Acceso remoto con cuenta
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	libXfont < 1.4.1
Description
Se ha descubierto una vulnerabilidad de tipo desbordamiento de búfer en zona de heap en libXfont de X.Org en versiones anteriores a la 1.4.1. La vulnerabilidad reside en un error al manejar ciertos ficheros de fuentes. Un atacante local podría escalar privilegios y ejecutar código en el contexto del usuario con el que se ejecuta el servidor X.org.
Solution
Actualización de software Red Hat (RHSA-2008:0064-5) RHEL Desktop Workstation (v. 5 cliente) Red Hat Enterprise Linux (v. 5 servidor) Red Hat Enterprise Linux Desktop (v. 5 cliente) https://rhn.redhat.com/ Red Hat (RHSA-2008:0030-7) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Red Hat (RHSA-2008:0029-9) Red Hat Desktop (v. 3) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Linux Advanced Workstation 2.1 para el procesador Itanium https://rhn.redhat.com/ Sun (201230) Solaris 10 (para Xsun(1)) / SPARC / patch 119059-37 Solaris 10 (para Xorg(1)) / SPARC / patch 125719-07 Solaris 9 (para Xsun(1)) / SPARC / patch 112785-63 Solaris 8 (para Xsun(1)) / SPARC / patch 119067-09 Solaris 10 (para Xsun(1)) / x86 / patch 119060-36 Solaris 10 (para Xorg(1)) / x86 / patch 125720-16 Solaris 9 (para Xorg(1)) / x86 / patch 118908-04 Solaris 9 (para Xsun(1)) / x86 / patch 112786-52 Solaris 8 (para Xsun(1)) / x86 / patch 119068-09 http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. Mandriva (MDVSA-2008:021) Corporate Server 3.0 corporate/3.0/i586/X11R6-contrib-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-Xnest-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-Xvfb-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-doc-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-glide-module-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-server-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/XFree86-xfs-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/libxfree86-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/libxfree86-devel-4.3-32.15.C30mdk.i586.rpm corporate/3.0/i586/libxfree86-static-devel-4.3-32.15.C30mdk.i586.rpm corporate/3.0/SRPMS/XFree86-4.3-32.15.C30mdk.src.rpm X86_64 corporate/3.0/x86_64/X11R6-contrib-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-Xnest-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-doc-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-server-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/XFree86-xfs-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/lib64xfree86-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.15.C30mdk.x86_64.rpm corporate/3.0/SRPMS/XFree86-4.3-32.15.C30mdk.src.rpm Mandriva (MDVSA-2008:022) Corporate Server 4.0 corporate/4.0/i586/X11R6-contrib-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/libxorg-x11-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-doc-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-server-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.17.20060mlcs4.i586.rpm corporate/4.0/SRPMS/xorg-x11-6.9.0-5.17.20060mlcs4.src.rpm X86_64 corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.17.20060mlcs4.x86_64.rpm corporate/4.0/SRPMS/xorg-x11-6.9.0-5.17.20060mlcs4.src.rpm Mandriva (MDVSA-2008:024) Mandriva Linux 2007 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/libxfont1-1.1.0-4.3mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/libxfont1-devel-1.1.0-4.3mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/libxfont1-static-devel-1.1.0-4.3mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/libxfont-1.1.0-4.3mdv2007.0.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/lib64xfont1-1.1.0-4.3mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/lib64xfont1-devel-1.1.0-4.3mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/lib64xfont1-static-devel-1.1.0-4.3mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/libxfont-1.1.0-4.3mdv2007.0.src.rpm Mandriva Linux 2007.1 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/libxfont1-1.2.7-1.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/libxfont1-devel-1.2.7-1.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/libxfont1-static-devel-1.2.7-1.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/libxfont-1.2.7-1.2mdv2007.1.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/lib64xfont1-1.2.7-1.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/lib64xfont1-devel-1.2.7-1.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/lib64xfont1-static-devel-1.2.7-1.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/libxfont-1.2.7-1.2mdv2007.1.src.rpm Mandriva Linux 2008.0 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/libxfont1-1.3.0-3.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/libxfont1-devel-1.3.0-3.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/libxfont1-static-devel-1.3.0-3.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/SRPMS/main/updates/libxfont-1.3.0-3.1mdv2008.0.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/lib64xfont1-1.3.0-3.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/lib64xfont1-devel-1.3.0-3.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/lib64xfont1-static-devel-1.3.0-3.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/SRPMS/main/updates/libxfont-1.3.0-3.1mdv2008.0.src.rpm OpenBSD OpenBSD 4.2 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/006_xorg.patch http://openbsd.org/faq/faq10.html#Patches IBM AIX 5.2.0 - APAR IZ13652 (Disponible el 05/07/08) http://www.ibm.com/support/docview.wss?uid=isg1IZ13652 AIX 5.3.0 - APAR IZ13653 (Disponible el 03/12/08) http://www.ibm.com/support/docview.wss?uid=isg1IZ13653 AIX 5.3.7 - APAR IZ13654 (Disponible el 03/12/08) http://www.ibm.com/support/docview.wss?uid=isg1IZ13654 AIX 6.1.0 - APAR IZ13655 (Disponible el 04/09/08) http://www.ibm.com/support/docview.wss?uid=isg1IZ13655 Hewlett-Packard (HPSBUX02381) HP-UX B.11.31 running Xserver / patch Install PHSS_38840 o posterior HP-UX B.11.23 running Xserver / patch Install PHSS_37972 o posterior HP-UX B.11.11 running Xserver / patch Install PHSS_34392 o posterior
Standar resources
Property	Value
CVE	CVE-2008-0006
BID	27352
Other resources
Red Hat Security Advisory (RHSA-2008:0064-5) https://rhn.redhat.com/errata/RHSA-2008-0064.html Red Hat Security Advisory (RHSA-2008:0030-7) https://rhn.redhat.com/errata/RHSA-2008-0030.html Red Hat Security Advisory (RHSA-2008:0029-9) https://rhn.redhat.com/errata/RHSA-2008-0029.html Sun Alert Notification (103192) http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 Sun Alert Notification (201230) http://sunsolve.sun.com/search/document.do?assetkey=1-66-201230-1 SUSE Security Advisory (SUSE-SA:2008:003) http://www.novell.com/linux/security/advisories/xorg_sec_prob.html SUSE Security Advisory (SUSE-SR:2008:008) http://www.novell.com/linux/security/advisories/2008_8_sr.html Mandriva Security Advisory (MDVSA-2008:021) http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 Mandriva Security Advisory (MDVSA-2008:022) http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 Mandriva Security Advisory (MDVSA-2008:024) http://www.mandriva.com/security/advisories?name=MDVSA-2008:024 OpenBSD http://www.openbsd.org/errata42.html#006_xorg IBM Security Advisory http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539 HP SECURITY BULLETIN (HPSBUX02381) http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01543321-1

Version history
Version	Comments	Date
1.0	Aviso emitido	2008-01-24
1.1	Aviso emitido por Mandriva (MDVSA-2008:021), aviso emitido por Mandriva (MDVSA-2008:022), aviso emitido por Mandriva (MDVSA-2008:024)	2008-01-29
1.2	Aviso actualizado por Sun (201230)	2008-02-04
1.3	Aviso actualizado por Sun (201230)	2008-02-06
1.4	Aviso emitido por OpenBSD	2008-02-08
1.5	Aviso emitido por IBM	2008-02-29
1.6	Aviso emitido por Suse (SUSE-SR:2008:008)	2008-04-15
1.7	Aviso emitido por HP (HPSBUX02381)	2008-11-04

Vulnerability Bulletins

Desbordamiento de búfer en Xorg

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history