XFree86字体信息文件缓冲区溢出漏洞-一一网

漏洞信息详情

XFree86字体信息文件缓冲区溢出漏洞

CNNVD编号：CNNVD-200403-013

危害等级：超危
CVE编号：
CVE-2004-0083
漏洞类型：

缓冲区溢出
发布时间：

2004-03-03
威胁类型：

远程
更新时间：

2005-10-28
厂商：

xfree86_project
漏洞来源：
Discovery is credi…

漏洞简介

XFree86 4.1.0到4.3.0版本中dirfile.c的ReadFontAlias存在缓冲区溢出漏洞。本地用户和远程攻击者可以借助一个带有超长标记的字体别名文件(font.alias)执行任意代码，该漏洞与CVE-2004-0084和CVE-2004-0106不同。

漏洞公告

The XFree86 Project has released a patch dealing with this issue.
SCO has released advisory SCOSA-2004.2 and updates to address this issue. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.
IBM have released an updated advisory (2004-06-08 – A buffer overflow exists in the X server.) and APAR fixes to address this issue. Affected users are advised to apply the appropriate APARs as soon as possible. Further information regarding obtaining and applying these APARs can be found in the referenced advisory.
SGI has released an advisory 20040203-01-U to address this and other issues in SGI ProPack 2.4 and ProPack 2.3. Please see the referenced advisory for more information. Fixes are available below.
Turbolinux have released an advisory (TLSA-2004-5) and fixes to address this issue. Affected users are advised to apply the appropriate updates as soon as possible. Further information regarding obtaining and applying these updates can be found in the referenced advisory.
OpenBSD Project has released fixes to address this issue. Fixes are linked below.
Red Hat has released an advisory (RHSA-2004:060-16) and fixes to address this issue in enterprise products. Customers who are subscribed to the Red Hat Network may run “up2date” to obtain fixes. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory.
Red Hat has released a Fedora advisory (FEDORA-2004-069) and fixes to address this issue. Users who are running Fedora may run “up2date” to obtain fixes. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory.
Mandrake has released an advisory (MDKSA-2004:012) and fixes to address this issue. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory.
Immunix have released an advisory (IMNX-2004-73-002-01) and fixes to address this issue. Customers who are running Immunix 7.3 may run “up2date -u”, to obtain fixes. Further details pertaining to obtaining and applying appropriate fixes can be found in the referenced advisory.
Slackware have released an advisory (SSA:2004-043-02) and fixes to address this issue. Please see referenced advisory for further details regarding the application of relevant fixes.
Gentoo has released advisory GLSA 200402-02 dealing with this issue. See the advisory for details on upgrading.
RedHat has released an advisory (RHSA-2004:059-01) to address this issue. See the referenced advisory for links to fixed packages.
Debian has released an advisory (DSA 443-1) and fixes to address this issue. See the referenced advisory for fix information.
Conectiva advisory CLA-2004:821 has bee released dealing with this issue. Please see the reference section for more information.
SuSE has released advisory SuSE-SA:2004:006 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
HP has released an advisory (HPSBUX01018) with fixes to address this issue. The advisory can be obtained from the following location, however, IT resource center authentication credentials are required:
http://your.hp.com/m/S.asp?HB13370677735X3451007X362981
The XFree86 Project has released version 4.3.0.2 to address this issue. This version is available from CVS, or via patches from version 4.3.0 to 4.3.0.1, and then from 4.3.0.1 to 4.3.0.2.
Fedora Legacy has released advisory FLSA-2005:2314 dealing with this and other issues for the Fedora Core 1 and RedHat Linux packages. Please see the referenced advisory for more information.
Sun has released Sun Alert ID: 57768 dealing with this and other issues. Please see the referenced advisory for more details. Please note that the Solaris 8 patch is not yet available.
Avaya has released advisory ASA-2005-113 and fixes for this issue. Please see the referenced advisory for additional details.
OpenBSD OpenBSD 3.4

OpenBSD 012_font.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch

IBM AIX 5.1

IBM libfont_efix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/libfont_efix.tar.Z
IBM IY53673
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?m
ode=8&ID=99

Sun Solaris 9

Sun 112785-34

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112785&rev=34

IBM AIX 5.2

IBM libfont_efix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/libfont_efix.tar.Z
IBM IY53519
https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?m
ode=8&ID=99

OpenBSD OpenBSD 3.3

OpenBSD 017_font.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/017_font.patch

Sun Solaris 9_x86

Sun 112786-36

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21
-112786-36-1

HP HP-UX 11.0 4

HP PHSS_30586Patch is available from: HP-UX Security Patch Matrix
HP PHSS_30706Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.0

HP PHSS_30181Patch is available from: HP-UX Security Patch Matrix
HP PHSS_30477Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.11

HP PHSS_30173 Patch is available from: HP-UX Security Patch Matrix
HP PHSS_30478Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.22

HP PHSS_30172Patch is available from: HP-UX Security Patch Matrix
HP PHSS_30479Patch is available from: HP-UX Security Patch Matrix

HP HP-UX 11.23

HP PHSS_30171Patch is available from: HP-UX Security Patch Matrix
HP PHSS_30480Patch is available from: HP-UX Security Patch Matrix

SGI ProPack 2.3

SGI patch10051.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1
0051.tar.gz

SGI ProPack 2.4

SGI patch10051.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1
0051.tar.gz

XFree86 X11R6 4.1 .0

Debian lbxproxy_4.1.0-16woody2_mips.debDebian GNU/Linux 3.0 (woody)

http://security.debian.

参考网址

来源:US-CERT Vulnerability Note: VU#820006
名称: VU#820006
链接:http://www.kb.cert.org/vuls/id/820006

来源: BID
名称: 9636
链接:http://www.securityfocus.com/bid/9636

来源: BUGTRAQ
名称: 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107644835523678&w=2

来源: XF
名称: xfree86-fontalias-bo(15130)
链接:http://xforce.iss.net/xforce/xfdb/15130

来源: www.xfree86.org
链接:http://www.xfree86.org/cvs/changes

来源: REDHAT
名称: RHSA-2004:061
链接:http://www.redhat.com/support/errata/RHSA-2004-061.html

来源: REDHAT
名称: RHSA-2004:060
链接:http://www.redhat.com/support/errata/RHSA-2004-060.html

来源: REDHAT
名称: RHSA-2004:059
链接:http://www.redhat.com/support/errata/RHSA-2004-059.html

来源: SUSE
名称: SuSE-SA:2004:006
链接:http://www.novell.com/linux/security/advisories/2004_06_xf86.html

来源: www.idefense.com
链接:http://www.idefense.com/application/poi/display?id=72

来源: DEBIAN
名称: DSA-443
链接:http://www.debian.org/security/2004/dsa-443

来源: GENTOO
名称: GLSA-200402-02
链接:http://security.gentoo.org/glsa/glsa-200402-02.xml

来源: OVAL
名称: oval:org.mitre.oval:def:9612
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9612

来源: SLACKWARE
名称: SSA:2004-043
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053

来源: MANDRAKE
名称: MDKSA-2004:012
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:012

来源: SUNALERT
名称: 57768
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1

来源: FEDORA
名称: FLSA:2314
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2

来源: BUGTRAQ
名称: 20040211 XFree86 vulnerability exploit
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107653324115914&w=2

来源: CONECTIVA
名称: CLA-2004:821
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821

来源: US Government Resource: oval:org.mitre.oval:def:830
名称: oval:org.mitre.oval:def:830
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:830

来源: US Government Resource: oval:org.mitre.oval:def:806
名称: oval:org.mitre.oval:def:806
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:806