CVE-2007-4990

high

Description

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

References

http://bugs.freedesktop.org/show_bug.cgi?id=12299

http://bugs.gentoo.org/show_bug.cgi?id=194606

http://docs.info.apple.com/article.html?artnum=307562

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html

http://secunia.com/advisories/27040

http://secunia.com/advisories/27052

http://secunia.com/advisories/27060

http://secunia.com/advisories/27176

http://secunia.com/advisories/27228

http://secunia.com/advisories/27240

http://secunia.com/advisories/27560

http://secunia.com/advisories/28004

http://secunia.com/advisories/28514

http://secunia.com/advisories/28536

http://secunia.com/advisories/28542

http://secunia.com/advisories/29420

http://security.gentoo.org/glsa/glsa-200710-11.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1

http://www.mandriva.com/security/advisories?name=MDKSA-2007:210

http://www.novell.com/linux/security/advisories/2007_54_xorg.html

http://www.redhat.com/support/errata/RHSA-2008-0029.html

http://www.redhat.com/support/errata/RHSA-2008-0030.html

http://www.securityfocus.com/archive/1/481432/100/0/threaded

http://www.securityfocus.com/bid/25898

http://www.securitytracker.com/id?1018763

http://www.vupen.com/english/advisories/2007/3337

http://www.vupen.com/english/advisories/2007/3338

http://www.vupen.com/english/advisories/2007/3467

http://www.vupen.com/english/advisories/2008/0149

http://www.vupen.com/english/advisories/2008/0924/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/36920

https://issues.rpath.com/browse/RPL-1756

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html

Details

Source: MITRE

Published: 2007-10-05

Updated: 2018-10-15

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:x.org:x_font_server:*:*:*:*:*:*:*:* versions up to 1.0.4 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
67635 | Oracle Linux 4 : xorg-x11 (ELSA-2008-0030) | Nessus | Oracle Linux Local Security Checks | high
67634 | Oracle Linux 3 : XFree86 (ELSA-2008-0029) | Nessus | Oracle Linux Local Security Checks | high
60349 | Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
60347 | Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high
43667 | CentOS 4 : xorg-x11 (CESA-2008:0030) | Nessus | CentOS Local Security Checks | high
31605 | Mac OS X Multiple Vulnerabilities (Security Update 2008-002) | Nessus | MacOS X Local Security Checks | critical
4373 | Mac OS X < 10.5.2 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical
30047 | HP-UX PHSS_37226 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1) | Nessus | HP-UX Local Security Checks | high
30046 | HP-UX PHSS_37225 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1) | Nessus | HP-UX Local Security Checks | high
30045 | HP-UX PHSS_37224 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1) | Nessus | HP-UX Local Security Checks | high
30022 | CentOS 3 : XFree86 (CESA-2008:0029) | Nessus | CentOS Local Security Checks | high
30002 | RHEL 4 : xorg-x11 (RHSA-2008:0030) | Nessus | Red Hat Local Security Checks | high
30001 | RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029) | Nessus | Red Hat Local Security Checks | high
29603 | SuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4485) | Nessus | SuSE Local Security Checks | high
29278 | Fedora 7 : xorg-x11-xfs-1.0.5-1.fc7 (2007-4263) | Nessus | Fedora Local Security Checks | high
27817 | Mandrake Linux Security Advisory : xfs (MDKSA-2007:210) | Nessus | Mandriva Local Security Checks | high
27046 | GLSA-200710-11 : X Font Server: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high