Vulnerabilità: CVE-2007-4568

Integer overflow nella funzione build_range in X.Org X Font Server (xfs) prima 1.0.5 permette attaccanti dipendenti dal contesto di eseguire codice arbitrario con (1) e (2 QueryXBitmaps) QueryXExtents richieste di protocollo con valori di dimensioni artigianali, che innesca un mucchio -Based overflow del buffer.


http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.securityfocus.com/bid/25898
http://www.securityfocus.com/archive/1/481432/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
http://bugs.freedesktop.org/show_bug.cgi?id=12298
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://docs.info.apple.com/article.html?artnum=307430
http://docs.info.apple.com/article.html?artnum=307562
https://issues.rpath.com/browse/RPL-1756
http://www.debian.org/security/2007/dsa-1385
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
http://security.gentoo.org/glsa/glsa-200710-11.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10882
http://www.redhat.com/support/errata/RHSA-2008-0029.html
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.securitytracker.com/id?1018763
http://secunia.com/advisories/27040
http://secunia.com/advisories/27052
http://secunia.com/advisories/27060
http://secunia.com/advisories/27168
http://secunia.com/advisories/27176
http://secunia.com/advisories/27228
http://secunia.com/advisories/27240
http://secunia.com/advisories/27560
http://secunia.com/advisories/28004
http://secunia.com/advisories/28536
http://secunia.com/advisories/28542
http://secunia.com/advisories/28891
http://secunia.com/advisories/29420
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
http://www.vupen.com/english/advisories/2007/3337
http://www.vupen.com/english/advisories/2007/3338
http://www.vupen.com/english/advisories/2007/3467
http://www.vupen.com/english/advisories/2008/0495/references
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/36919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi