FreeBSD : libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont (28c575fa-784e-11e3-8249-001cc0380077)

high Nessus Plugin ID 71874

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

freedesktop.org reports:

A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font.

As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.
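The bug class above is a fixed-size stack buffer that receives a string token of attacker-controlled length from a font record. The following is an added example, not libXfont's code and not part of the advisory: it parses the glyph-name token of a BDF "STARTCHAR" line into a bounded buffer and refuses names that would not fit, and it computes (rather than performs) how far an unbounded sscanf("%s")-style copy would overrun a buffer of that size. The 100-byte buffer size, the helper names and the sample lines are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer a naive parser would fill with
 * sscanf("%s").  100 is an example value, not a figure from libXfont. */
#define CHARNAME_MAX 100

/* Locate the glyph-name token on a STARTCHAR line.  Returns 1 and sets
 * *tok/*len if the line is a STARTCHAR record, 0 otherwise.  The token is the
 * run of non-blank bytes after the keyword and any whitespace. */
static int startchar_token(const char *line, const char **tok, size_t *len)
{
    if (strncmp(line, "STARTCHAR", 9) != 0)
        return 0;
    const char *p = line + 9;
    p += strspn(p, " \t");
    *tok = p;
    *len = strcspn(p, " \t\r\n");
    return 1;
}

/* How many bytes an unbounded sscanf("%s") into a bufsize-byte stack buffer
 * would write past its end for this line (token plus NUL terminator).  This is
 * computed, not performed, so the example never actually smashes the stack. */
size_t startchar_overflow_bytes(const char *line, size_t bufsize)
{
    const char *tok;
    size_t n;
    if (!startchar_token(line, &tok, &n))
        return 0;
    return (n + 1 > bufsize) ? (n + 1 - bufsize) : 0;
}

/* Hardened parse: copy the glyph name into name[namesz], refusing anything
 * that would not fit.  Returns 1 on success, 0 if the line is not a STARTCHAR
 * record, -1 if the name is too long (the overlong-string case in the
 * advisory).  On -1 the caller should reject the font file. */
int startchar_name(const char *line, char *name, size_t namesz)
{
    const char *tok;
    size_t n;
    if (!startchar_token(line, &tok, &n))
        return 0;
    if (n + 1 > namesz)
        return -1;
    memcpy(name, tok, n);
    name[n] = '\0';
    return 1;
}

/* Build a constructed test line "STARTCHAR " + namelen 'A's + "\n" in buf.
 * Returns 0 on success, -1 if buf is too small. */
int make_startchar_line(char *buf, size_t bufsz, size_t namelen)
{
    if (10 + namelen + 2 > bufsz)
        return -1;
    memcpy(buf, "STARTCHAR ", 10);
    memset(buf + 10, 'A', namelen);
    buf[10 + namelen] = '\n';
    buf[11 + namelen] = '\0';
    return 0;
}

int main(void)
{
    char line[512];
    char name[CHARNAME_MAX];
    size_t lens[] = { 5, 99, 150 };   /* constructed: fits, just fits, overlong */

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        make_startchar_line(line, sizeof line, lens[i]);
        size_t over = startchar_overflow_bytes(line, CHARNAME_MAX);
        int rc = startchar_name(line, name, sizeof name);
        printf("name length %3zu: unbounded copy overruns by %3zu bytes, "
               "bounded parse rc=%d\n", lens[i], over, rc);
    }
    return 0;
}
```

The same bound applies to every fixed-size buffer a font parser fills from a record: measure the token first and reject it, or use a width-limited conversion, rather than trusting that a file under the user's control keeps its strings short.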

Solution

Update the affected package.

See Also

https://lists.x.org/archives/xorg-announce/2014-January/002389.html

http://www.nessus.org/u?dc04901a

Plugin Details

Severity: High

ID: 71874

File Name: freebsd_pkg_28c575fa784e11e38249001cc0380077.nasl

Version: 1.8

Type: local

Published: 1/9/2014

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libxfont, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/8/2014

Vulnerability Publication Date: 12/24/2013

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-6462