| Vulnerability Name: | CVE-2001-0955 (CCN-7673) | ||||||||
| Assigned: | 2001-09-22 | ||||||||
| Published: | 2001-09-22 | ||||||||
| Updated: | 2017-12-19 | ||||||||
| Summary: | Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Dec 07 2001 - 15:26:53 CST Crashing X Source: CCN Type: BugTraq Mailing List, Sat Dec 08 2001 - 14:13:20 CST Re: Crashing X Source: MITRE Type: CNA CVE-2001-0955 Source: MISC Type: UNKNOWN http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c Source: BUGTRAQ Type: UNKNOWN 20011207 Crashing X Source: BUGTRAQ Type: UNKNOWN 20011208 Re: Crashing X Source: VULN-DEV Type: UNKNOWN 20010922 XFree86 DOS / Buffer overflow local and remote. Source: CCN Type: Konqueror Web site Konqueror Source: BID Type: Patch, Vendor Advisory 3657 Source: CCN Type: BID-3657 XFree86 fbglyph Denial of Service Vulnerability Source: BID Type: Vendor Advisory 3663 Source: CCN Type: BID-3663 XTerm Title Bar Buffer Overflow Vulnerability Source: CCN Type: XFree86 Web site The XFree86 Project,Inc. Source: CONFIRM Type: UNKNOWN http://www.xfree86.org/4.2.0/RELNOTES2.html#2 Source: CONFIRM Type: UNKNOWN http://www.xfree86.org/security/ Source: XF Type: UNKNOWN xfree86-konqueror-bo(7673) Source: XF Type: UNKNOWN xfree86-konqueror-bo(7673) Source: XF Type: UNKNOWN xfree86-xterm-title-bo(7683) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2001-0955 (CCN-7683) | ||||||||
| Assigned: | 2001-12-08 | ||||||||
| Published: | 2001-12-08 | ||||||||
| Updated: | 2001-12-08 | ||||||||
| Summary: | XFree86 is vulnerable to a denial of service attack, caused by a buffer overflow in xterm. By sending a string containing 9000 characters or more to xterm using the -title command line option, a local attacker could overflow a buffer to cause the X Server to crash or execute arbitrary commands on the system with root privileges. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Fri Dec 07 2001 - 17:49:30 CST Re: Crashing X Source: CCN Type: BugTraq Mailing List, Thu Dec 31 1903 - 18:17:23 CST Re: Crashing X Source: MITRE Type: CNA CVE-2001-0955 Source: CCN Type: BID-3657 XFree86 fbglyph Denial of Service Vulnerability Source: CCN Type: BID-3663 XTerm Title Bar Buffer Overflow Vulnerability Source: XF Type: UNKNOWN xfree86-xterm-title-bo(7683) | ||||||||
| BACK | |||||||||