CVE-2006-3739

Severity: high

Description

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.

References

http://secunia.com/advisories/21864
http://secunia.com/advisories/21889
http://secunia.com/advisories/21890
http://secunia.com/advisories/21894
http://secunia.com/advisories/21900
http://secunia.com/advisories/21904
http://secunia.com/advisories/21908
http://secunia.com/advisories/21924
http://secunia.com/advisories/22080
http://secunia.com/advisories/22141
http://secunia.com/advisories/22332
http://secunia.com/advisories/22560
http://secunia.com/advisories/23033
http://secunia.com/advisories/23899
http://secunia.com/advisories/24636
http://security.gentoo.org/glsa/glsa-200609-07.xml
http://securitytracker.com/id?1016828
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
http://www.debian.org/security/2006/dsa-1193
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0665.html
http://www.redhat.com/support/errata/RHSA-2006-0666.html
http://www.securityfocus.com/archive/1/445812/100/0/threaded
http://www.securityfocus.com/archive/1/464268/100/0/threaded
http://www.securityfocus.com/bid/19974
http://www.ubuntu.com/usn/usn-344-1
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
http://www.vupen.com/english/advisories/2006/3581
http://www.vupen.com/english/advisories/2006/3582
http://www.vupen.com/english/advisories/2007/0322
http://www.vupen.com/english/advisories/2007/1171
https://exchange.xforce.ibmcloud.com/vulnerabilities/28899
https://issues.rpath.com/browse/RPL-614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305

Details

Source: MITRE

Published: 2006-09-13

Updated: 2018-10-17

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

31 plugins total.

ID | Name | Product | Family | Severity
130510 | Solaris 10 (x86) : 119060-73 | Nessus | Solaris Local Security Checks | high
130508 | Solaris 10 (sparc) : 119059-74 | Nessus | Solaris Local Security Checks | high
107806 | Solaris 10 (x86) : 119060-71 | Nessus | Solaris Local Security Checks | high
107805 | Solaris 10 (x86) : 119060-70 | Nessus | Solaris Local Security Checks | high
107804 | Solaris 10 (x86) : 119060-69 | Nessus | Solaris Local Security Checks | high
107803 | Solaris 10 (x86) : 119060-68 | Nessus | Solaris Local Security Checks | high
107802 | Solaris 10 (x86) : 119060-65 | Nessus | Solaris Local Security Checks | high
107801 | Solaris 10 (x86) : 119060-64 | Nessus | Solaris Local Security Checks | high
107304 | Solaris 10 (sparc) : 119059-72 | Nessus | Solaris Local Security Checks | high
107303 | Solaris 10 (sparc) : 119059-71 | Nessus | Solaris Local Security Checks | high
107302 | Solaris 10 (sparc) : 119059-70 | Nessus | Solaris Local Security Checks | high
107301 | Solaris 10 (sparc) : 119059-69 | Nessus | Solaris Local Security Checks | high
107300 | Solaris 10 (sparc) : 119059-66 | Nessus | Solaris Local Security Checks | high
107299 | Solaris 10 (sparc) : 119059-65 | Nessus | Solaris Local Security Checks | high
82537 | Solaris 10 (x86) : 119060-45 | Nessus | Solaris Local Security Checks | high
82536 | Solaris 10 (sparc) : 119059-46 | Nessus | Solaris Local Security Checks | high
67407 | Oracle Linux 4 : xorg-x11 (ELSA-2006-0665) | Nessus | Oracle Linux Local Security Checks | high
29605 | SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2062) | Nessus | SuSE Local Security Checks | high
27923 | Ubuntu 5.04 / 5.10 / 6.06 LTS : libxfont, xorg vulnerabilities (USN-344-1) | Nessus | Ubuntu Local Security Checks | high
27494 | openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2056) | Nessus | SuSE Local Security Checks | high
24862 | Solaris 9 (x86) : 124833-02 | Nessus | Solaris Local Security Checks | high
23908 | Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1) | Nessus | Mandriva Local Security Checks | high
22985 | Solaris 10 (x86) : 119060-72 (deprecated) | Nessus | Solaris Local Security Checks | high
22952 | Solaris 10 (sparc) : 119059-73 (deprecated) | Nessus | Solaris Local Security Checks | high
22734 | Debian DSA-1193-1 : xfree86 - several vulnerabilities | Nessus | Debian Local Security Checks | high
22420 | Slackware 10.2 / current : x11 (SSA:2006-259-01) | Nessus | Slackware Local Security Checks | high
22352 | GLSA-200609-07 : LibXfont, monolithic X.org: Multiple integer overflows | Nessus | Gentoo Local Security Checks | high
22347 | RHEL 2.1 / 3 : XFree86 (RHSA-2006:0666) | Nessus | Red Hat Local Security Checks | high
22346 | RHEL 4 : xorg-x11 (RHSA-2006:0665) | Nessus | Red Hat Local Security Checks | high
22340 | CentOS 3 : XFree86 (CESA-2006:0666) | Nessus | CentOS Local Security Checks | high
22339 | CentOS 4 : xorg-x11 (CESA-2006:0665) | Nessus | CentOS Local Security Checks | high