CVE-2006-3739

HIGH

Description

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.

References

http://secunia.com/advisories/21864

http://secunia.com/advisories/21889

http://secunia.com/advisories/21890

http://secunia.com/advisories/21894

http://secunia.com/advisories/21900

http://secunia.com/advisories/21904

http://secunia.com/advisories/21908

http://secunia.com/advisories/21924

http://secunia.com/advisories/22080

http://secunia.com/advisories/22141

http://secunia.com/advisories/22332

http://secunia.com/advisories/22560

http://secunia.com/advisories/23033

http://secunia.com/advisories/23899

http://secunia.com/advisories/24636

http://security.gentoo.org/glsa/glsa-200609-07.xml

http://securitytracker.com/id?1016828

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1

http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm

http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm

http://www.debian.org/security/2006/dsa-1193

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412

http://www.mandriva.com/security/advisories?name=MDKSA-2006:164

http://www.novell.com/linux/security/advisories/2006_23_sr.html

http://www.redhat.com/support/errata/RHSA-2006-0665.html

http://www.redhat.com/support/errata/RHSA-2006-0666.html

http://www.securityfocus.com/archive/1/445812/100/0/threaded

http://www.securityfocus.com/archive/1/464268/100/0/threaded

http://www.securityfocus.com/bid/19974

http://www.ubuntu.com/usn/usn-344-1

http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html

http://www.vupen.com/english/advisories/2006/3581

http://www.vupen.com/english/advisories/2006/3582

http://www.vupen.com/english/advisories/2007/0322

http://www.vupen.com/english/advisories/2007/1171

https://exchange.xforce.ibmcloud.com/vulnerabilities/28899

https://issues.rpath.com/browse/RPL-614

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305

Details

Source: MITRE

Published: 2006-09-13

Updated: 2018-10-17

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
130510Solaris 10 (x86) : 119060-73NessusSolaris Local Security Checks
high
130508Solaris 10 (sparc) : 119059-74NessusSolaris Local Security Checks
high
107806Solaris 10 (x86) : 119060-71NessusSolaris Local Security Checks
high
107805Solaris 10 (x86) : 119060-70NessusSolaris Local Security Checks
high
107804Solaris 10 (x86) : 119060-69NessusSolaris Local Security Checks
high
107803Solaris 10 (x86) : 119060-68NessusSolaris Local Security Checks
high
107802Solaris 10 (x86) : 119060-65NessusSolaris Local Security Checks
high
107801Solaris 10 (x86) : 119060-64NessusSolaris Local Security Checks
high
107304Solaris 10 (sparc) : 119059-72NessusSolaris Local Security Checks
high
107303Solaris 10 (sparc) : 119059-71NessusSolaris Local Security Checks
high
107302Solaris 10 (sparc) : 119059-70NessusSolaris Local Security Checks
high
107301Solaris 10 (sparc) : 119059-69NessusSolaris Local Security Checks
high
107300Solaris 10 (sparc) : 119059-66NessusSolaris Local Security Checks
high
107299Solaris 10 (sparc) : 119059-65NessusSolaris Local Security Checks
high
82537Solaris 10 (x86) : 119060-45NessusSolaris Local Security Checks
high
82536Solaris 10 (sparc) : 119059-46NessusSolaris Local Security Checks
high
67407Oracle Linux 4 : xorg-x11 (ELSA-2006-0665)NessusOracle Linux Local Security Checks
high
29605SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2062)NessusSuSE Local Security Checks
high
27923Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerabilities (USN-344-1)NessusUbuntu Local Security Checks
high
27494openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2056)NessusSuSE Local Security Checks
high
24862Solaris 9 (x86) : 124833-02NessusSolaris Local Security Checks
high
23908Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1)NessusMandriva Local Security Checks
high
22985Solaris 10 (x86) : 119060-72 (deprecated)NessusSolaris Local Security Checks
high
22952Solaris 10 (sparc) : 119059-73 (deprecated)NessusSolaris Local Security Checks
high
22734Debian DSA-1193-1 : xfree86 - several vulnerabilitiesNessusDebian Local Security Checks
high
22420Slackware 10.2 / current : x11 (SSA:2006-259-01)NessusSlackware Local Security Checks
high
22352GLSA-200609-07 : LibXfont, monolithic X.org: Multiple integer overflowsNessusGentoo Local Security Checks
high
22347RHEL 2.1 / 3 : XFree86 (RHSA-2006:0666)NessusRed Hat Local Security Checks
high
22346RHEL 4 : xorg-x11 (RHSA-2006:0665)NessusRed Hat Local Security Checks
high
22340CentOS 3 : XFree86 (CESA-2006:0666)NessusCentOS Local Security Checks
high
22339CentOS 4 : xorg-x11 (CESA-2006:0665)NessusCentOS Local Security Checks
high