CVE-2008-0006

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-0006
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugs.gentoo.org/show_bug.cgi?id=204362
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://jvn.jp/en/jp/JVN88935101/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html Patch
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/28273 Vendor Advisory
http://secunia.com/advisories/28500 Vendor Advisory
http://secunia.com/advisories/28532 Vendor Advisory
http://secunia.com/advisories/28535 Vendor Advisory
http://secunia.com/advisories/28536 Vendor Advisory
http://secunia.com/advisories/28540 Vendor Advisory
http://secunia.com/advisories/28542 Vendor Advisory
http://secunia.com/advisories/28544 Vendor Advisory
http://secunia.com/advisories/28550 Vendor Advisory
http://secunia.com/advisories/28571 Vendor Advisory
http://secunia.com/advisories/28592 Vendor Advisory
http://secunia.com/advisories/28621 Vendor Advisory
http://secunia.com/advisories/28718
http://secunia.com/advisories/28843
http://secunia.com/advisories/28885
http://secunia.com/advisories/28941
http://secunia.com/advisories/29139
http://secunia.com/advisories/29420
http://secunia.com/advisories/29622
http://secunia.com/advisories/29707
http://secunia.com/advisories/30161
http://secunia.com/advisories/32545
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://security.gentoo.org/glsa/glsa-200804-05.xml
http://securitytracker.com/id?1019232
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.kb.cert.org/vuls/id/203220 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
http://www.openbsd.org/errata41.html#012_xorg
http://www.openbsd.org/errata42.html#006_xorg
http://www.redhat.com/support/errata/RHSA-2008-0029.html
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://www.securityfocus.com/archive/1/487335/100/0/threaded
http://www.securityfocus.com/bid/27336 Patch
http://www.securityfocus.com/bid/27352
http://www.vupen.com/english/advisories/2008/0179
http://www.vupen.com/english/advisories/2008/0184
http://www.vupen.com/english/advisories/2008/0497/references
http://www.vupen.com/english/advisories/2008/0703
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/3000
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=428044
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
https://issues.rpath.com/browse/RPL-2010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
https://usn.ubuntu.com/571-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
http://bugs.gentoo.org/show_bug.cgi?id=204362
http://docs.info.apple.com/article.html?artnum=307562
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://jvn.jp/en/jp/JVN88935101/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html Patch
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/28273 Vendor Advisory
http://secunia.com/advisories/28500 Vendor Advisory
http://secunia.com/advisories/28532 Vendor Advisory
http://secunia.com/advisories/28535 Vendor Advisory
http://secunia.com/advisories/28536 Vendor Advisory
http://secunia.com/advisories/28540 Vendor Advisory
http://secunia.com/advisories/28542 Vendor Advisory
http://secunia.com/advisories/28544 Vendor Advisory
http://secunia.com/advisories/28550 Vendor Advisory
http://secunia.com/advisories/28571 Vendor Advisory
http://secunia.com/advisories/28592 Vendor Advisory
http://secunia.com/advisories/28621 Vendor Advisory
http://secunia.com/advisories/28718
http://secunia.com/advisories/28843
http://secunia.com/advisories/28885
http://secunia.com/advisories/28941
http://secunia.com/advisories/29139
http://secunia.com/advisories/29420
http://secunia.com/advisories/29622
http://secunia.com/advisories/29707
http://secunia.com/advisories/30161
http://secunia.com/advisories/32545
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://security.gentoo.org/glsa/glsa-200804-05.xml
http://securitytracker.com/id?1019232
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.kb.cert.org/vuls/id/203220 US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
http://www.openbsd.org/errata41.html#012_xorg
http://www.openbsd.org/errata42.html#006_xorg
http://www.redhat.com/support/errata/RHSA-2008-0029.html
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://www.securityfocus.com/archive/1/487335/100/0/threaded
http://www.securityfocus.com/bid/27336 Patch
http://www.securityfocus.com/bid/27352
http://www.vupen.com/english/advisories/2008/0179
http://www.vupen.com/english/advisories/2008/0184
http://www.vupen.com/english/advisories/2008/0497/references
http://www.vupen.com/english/advisories/2008/0703
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/3000
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=428044
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
https://issues.rpath.com/browse/RPL-2010
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
https://usn.ubuntu.com/571-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:solaris_libfont:*:*:*:*:*:*:*:*
cpe:2.3:a:sun:solaris_libxfont:*:*:*:*:*:*:*:*
cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:40

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=204362 - () http://bugs.gentoo.org/show_bug.cgi?id=204362 -
References () http://docs.info.apple.com/article.html?artnum=307562 - () http://docs.info.apple.com/article.html?artnum=307562 -
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 -
References () http://jvn.jp/en/jp/JVN88935101/index.html - () http://jvn.jp/en/jp/JVN88935101/index.html -
References () http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html - () http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html -
References () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html - () http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html -
References () http://lists.freedesktop.org/archives/xorg/2008-January/031918.html - Patch () http://lists.freedesktop.org/archives/xorg/2008-January/031918.html - Patch
References () http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html - () http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html -
References () http://secunia.com/advisories/28273 - Vendor Advisory () http://secunia.com/advisories/28273 - Vendor Advisory
References () http://secunia.com/advisories/28500 - Vendor Advisory () http://secunia.com/advisories/28500 - Vendor Advisory
References () http://secunia.com/advisories/28532 - Vendor Advisory () http://secunia.com/advisories/28532 - Vendor Advisory
References () http://secunia.com/advisories/28535 - Vendor Advisory () http://secunia.com/advisories/28535 - Vendor Advisory
References () http://secunia.com/advisories/28536 - Vendor Advisory () http://secunia.com/advisories/28536 - Vendor Advisory
References () http://secunia.com/advisories/28540 - Vendor Advisory () http://secunia.com/advisories/28540 - Vendor Advisory
References () http://secunia.com/advisories/28542 - Vendor Advisory () http://secunia.com/advisories/28542 - Vendor Advisory
References () http://secunia.com/advisories/28544 - Vendor Advisory () http://secunia.com/advisories/28544 - Vendor Advisory
References () http://secunia.com/advisories/28550 - Vendor Advisory () http://secunia.com/advisories/28550 - Vendor Advisory
References () http://secunia.com/advisories/28571 - Vendor Advisory () http://secunia.com/advisories/28571 - Vendor Advisory
References () http://secunia.com/advisories/28592 - Vendor Advisory () http://secunia.com/advisories/28592 - Vendor Advisory
References () http://secunia.com/advisories/28621 - Vendor Advisory () http://secunia.com/advisories/28621 - Vendor Advisory
References () http://secunia.com/advisories/28718 - () http://secunia.com/advisories/28718 -
References () http://secunia.com/advisories/28843 - () http://secunia.com/advisories/28843 -
References () http://secunia.com/advisories/28885 - () http://secunia.com/advisories/28885 -
References () http://secunia.com/advisories/28941 - () http://secunia.com/advisories/28941 -
References () http://secunia.com/advisories/29139 - () http://secunia.com/advisories/29139 -
References () http://secunia.com/advisories/29420 - () http://secunia.com/advisories/29420 -
References () http://secunia.com/advisories/29622 - () http://secunia.com/advisories/29622 -
References () http://secunia.com/advisories/29707 - () http://secunia.com/advisories/29707 -
References () http://secunia.com/advisories/30161 - () http://secunia.com/advisories/30161 -
References () http://secunia.com/advisories/32545 - () http://secunia.com/advisories/32545 -
References () http://security.gentoo.org/glsa/glsa-200801-09.xml - () http://security.gentoo.org/glsa/glsa-200801-09.xml -
References () http://security.gentoo.org/glsa/glsa-200804-05.xml - () http://security.gentoo.org/glsa/glsa-200804-05.xml -
References () http://securitytracker.com/id?1019232 - () http://securitytracker.com/id?1019232 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 - Patch () http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 - Patch
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1 -
References () http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm - () http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm -
References () http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm - () http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm -
References () http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml - () http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml -
References () http://www.kb.cert.org/vuls/id/203220 - US Government Resource () http://www.kb.cert.org/vuls/id/203220 - US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:021 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:022 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:024 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:024 -
References () http://www.openbsd.org/errata41.html#012_xorg - () http://www.openbsd.org/errata41.html#012_xorg -
References () http://www.openbsd.org/errata42.html#006_xorg - () http://www.openbsd.org/errata42.html#006_xorg -
References () http://www.redhat.com/support/errata/RHSA-2008-0029.html - () http://www.redhat.com/support/errata/RHSA-2008-0029.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0030.html - () http://www.redhat.com/support/errata/RHSA-2008-0030.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0064.html - () http://www.redhat.com/support/errata/RHSA-2008-0064.html -
References () http://www.securityfocus.com/archive/1/487335/100/0/threaded - () http://www.securityfocus.com/archive/1/487335/100/0/threaded -
References () http://www.securityfocus.com/bid/27336 - Patch () http://www.securityfocus.com/bid/27336 - Patch
References () http://www.securityfocus.com/bid/27352 - () http://www.securityfocus.com/bid/27352 -
References () http://www.vupen.com/english/advisories/2008/0179 - () http://www.vupen.com/english/advisories/2008/0179 -
References () http://www.vupen.com/english/advisories/2008/0184 - () http://www.vupen.com/english/advisories/2008/0184 -
References () http://www.vupen.com/english/advisories/2008/0497/references - () http://www.vupen.com/english/advisories/2008/0497/references -
References () http://www.vupen.com/english/advisories/2008/0703 - () http://www.vupen.com/english/advisories/2008/0703 -
References () http://www.vupen.com/english/advisories/2008/0924/references - () http://www.vupen.com/english/advisories/2008/0924/references -
References () http://www.vupen.com/english/advisories/2008/3000 - () http://www.vupen.com/english/advisories/2008/3000 -
References () http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities - () http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities -
References () https://bugzilla.redhat.com/show_bug.cgi?id=428044 - () https://bugzilla.redhat.com/show_bug.cgi?id=428044 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/39767 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/39767 -
References () https://issues.rpath.com/browse/RPL-2010 - () https://issues.rpath.com/browse/RPL-2010 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021 -
References () https://usn.ubuntu.com/571-1/ - () https://usn.ubuntu.com/571-1/ -
References () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html - () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html - () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html - () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html - () https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html -
Information

Published : 2008-01-18 23:00

Updated : 2024-11-21 00:40

NVD link : CVE-2008-0006

Mitre link : CVE-2008-0006

CVE.ORG link : CVE-2008-0006

JSON object : View

Products Affected

sun

  • solaris_libfont
  • solaris_libxfont

x.org

  • xserver
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024