CVE-2007-1352

{"id": "CVE-2007-1352", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-04-06T01:19:00.000", "references": [{"url": "http://issues.foresightlinux.org/browse/FL-223", "source": "secalert@redhat.com"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html", "source": "secalert@redhat.com"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "source": "secalert@redhat.com"}, {"url": "http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2007-0125.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24741", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24745", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24756", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24758", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24765", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24770", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24771", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24772", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24791", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25004", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25006", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25195", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25216", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25305", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/33937", "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200705-10.xml", "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1", "source": "secalert@redhat.com"}, {"url": "http://support.apple.com/kb/HT3438", "source": "secalert@redhat.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1294", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:079", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:080", "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_27_x.html", "source": "secalert@redhat.com"}, {"url": "http://www.openbsd.org/errata39.html#021_xorg", "source": "secalert@redhat.com"}, {"url": "http://www.openbsd.org/errata40.html#011_xorg", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0126.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0132.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/464686/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/464816/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/23283", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/23300", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1017857", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-448-1", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1217", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1548", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33419", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-1213", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n FontFileInitTable en X.Org libXfont versiones anteriores a 20070403 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante una primera l\u00ednea larga en el fichero fonts.dir, lo cual resulta en un desbordamiento de mont\u00f3n."}], "lastModified": "2018-10-16T16:38:09.313", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C4AD30B9-8FBA-48B3-B2B2-014C950B9BAA"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "279317B9-AF2F-43E9-BEE5-518FC6D23A87"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "02362C25-B373-4FB1-AF4A-2AFC7F7D4387"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19AD5F8D-6EB9-4E4B-9E82-FFBAB68797E9"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E"}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77FF1412-A7DA-4669-8AE1-5A529AB387FB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x.org:libxfont:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFADBA5A-8168-40B8-B5CA-0F1F7F9193D2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:advanced_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9440B25-D206-4914-9557-B5F030890DEC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:enterprise_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9933557-3BCA-4D92-AD4F-27758A0D3347"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:workstation:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10A60552-15A5-4E95-B3CE-99A4B26260C1"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D74A418-50F0-42C0-ABBC-BBBE718FF025"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13B6DE5F-3143-4C63-8D8D-4679CF0F9DC8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client_workstation:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50988CF6-07E5-44BA-81C2-C33DD8E7151B"}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F"}, {"criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1"}, {"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968"}, {"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C"}, {"criteria": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1CB2DD9-E77F-46EE-A145-F87AD10EA8E4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31C3FFDD-03BF-4FD4-B7A7-B62AFD5DBA19"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia32:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49F400D5-4CA7-4F7D-818B-DEBF58DEB113"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:amd64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB80939E-8B58-48B6-AFB7-9CF518C0EE1F"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80FF1759-5F86-4046-ABA3-EB7B0038F656"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:powerpc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF578B64-57E2-4FCD-A6E1-F8F3317FDB88"}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:sparc:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61B11116-FA94-4989-89A1-C7B551D5195A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rpath:linux:1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2B66383-4124-4579-BC8E-36DBE7ABB543"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5BB6C5D-4C43-4BB8-B1CE-A70BBE650CA1"}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC77812C-D84E-493E-9D21-1BA6C2129E70"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com", "evaluatorSolution": "The vendor has addressed this vulnerability in the following product update: http://xorg.freedesktop.org/archive/X11R7.2/patches/"}