漏洞信息详情
XFree86 CopyISOLatin1Lowered Font_Name本地缓冲区溢出漏洞
- CNNVD编号:CNNVD-200403-016
- 危害等级: 超危
![图片[1]-XFree86 CopyISOLatin1Lowered Font_Name本地缓冲区溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-17/c4e67a37c54aee8c0e1983d8333a9158.png)
- CVE编号:
CVE-2004-0084
- 漏洞类型:
边界条件错误
- 发布时间:
2004-02-12
- 威胁类型:
远程
- 更新时间:
2005-10-28
- 厂 商:
openbsd - 漏洞来源:
Greg MacManus -
漏洞简介
XFree86是一款流行的X服务器。
XFree86 X Windows系统当处理\’\’font.alias\’\’文件时缺少正确的边界检查,本地攻击者可以利用这个漏洞进行缓冲区溢出攻击,可提升权限。
问题存在于CopyISOLatin1Lowered()函数处理\’\’font_name\’\’缓冲区时。当解析\’\’font.alias\’\’文件时,ReadFontAlias()函数使用输入字符串长度作为拷贝的限制长度来代替存储缓冲区的大小,恶意用户可以构建畸形\’\’font.alias\’\’文件,诱使用户解析,以root用户权限执行任意指令。
漏洞公告
厂商补丁:
Conectiva
———
Conectiva已经为此发布了一个安全公告(CLA-2004:821)以及相应补丁:
CLA-2004:821:XFree86
链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000821” target=”_blank”>
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000821
补丁下载:
Conectiva Upgrade XFree86-100dpi-fonts-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-100dpi-fonts-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-75dpi-fonts-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-75dpi-fonts-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-GL-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-GL-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-GL-devel-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-GL-devel-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Server-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Server-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Server-common-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Server-common-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Speedo-fonts-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Speedo-fonts-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Type1-fonts-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Type1-fonts-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Xnest-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Xnest-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Xprt-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Xprt-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-Xvfb-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Xvfb-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-apm-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-apm-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-ark-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-ark-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-ati-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-ati-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-ati-dri-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-ati-dri-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-bench-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-bench-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-chips-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-chips-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-cid-fonts-support-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-cid-fonts-support-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-cirrus-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-cirrus-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-common-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-common-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-config-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-config-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-cyrillic-fonts-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-cyrillic-fonts-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-cyrix-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-cyrix-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-devel-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-devel-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-devel-static-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-devel-static-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-doc-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-doc-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-doc-html-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-doc-html-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-dps-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-dps-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-fbdev-4.2.0-21U80_6cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-fbdev-4.2.0-21U80_6cl.i386.rpm
Conectiva Upgrade XFree86-glide-4.2.0-21U80_6cl.i386.rpm
来源:US-CERT Vulnerability Note: VU#667502
名称: VU#667502
链接:http://www.kb.cert.org/vuls/id/667502
来源: BID
名称: 9652
链接:http://www.securityfocus.com/bid/9652
来源: REDHAT
名称: RHSA-2004:061
链接:http://www.redhat.com/support/errata/RHSA-2004-061.html
来源: REDHAT
名称: RHSA-2004:060
链接:http://www.redhat.com/support/errata/RHSA-2004-060.html
来源: XF
名称: xfree86-copyisolatin1lLowered-bo(15200)
链接:http://xforce.iss.net/xforce/xfdb/15200
来源: SLACKWARE
名称: SSA:2004-043
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
来源: REDHAT
名称: RHSA-2004:059
链接:http://www.redhat.com/support/errata/RHSA-2004-059.html
来源: SUSE
名称: SuSE-SA:2004:006
链接:http://www.novell.com/linux/security/advisories/2004_06_xf86.html
来源: www.idefense.com
链接:http://www.idefense.com/application/poi/display?id=73
来源: DEBIAN
名称: DSA-443
链接:http://www.debian.org/security/2004/dsa-443
来源: OVAL
名称: oval:org.mitre.oval:def:10405
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10405
来源: FEDORA
名称: FLSA:2314
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110979666528890&w=2
来源: CONECTIVA
名称: CLA-2004:821
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
来源: MANDRAKE
名称: MDKSA-2004:012
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
来源: SUNALERT
名称: 57768
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
来源: BUGTRAQ
名称: 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107662833512775&w=2
来源: US Government Resource: oval:org.mitre.oval:def:831
名称: oval:org.mitre.oval:def:831
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:831
来源: US Government Resource: oval:org.mitre.oval:def:807
名称: oval:org.mitre.oval:def:807
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:807
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
