Vulnerability Name:

CVE-2002-1277 (CCN-10560)

Assigned:2002-11-07
Published:2002-11-07
Updated:2008-09-05
Summary:Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: SGI Security Advisory 20031002-01-U
SGI Advanced Linux Environment security update #3

Source: MITRE
Type: CNA
CVE-2002-1277

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:548

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:548
Integer buffer overflow vulnerability

Source: CCN
Type: RHSA-2003-009
WindowMaker security update

Source: CCN
Type: RHSA-2003-043
Updated WindowMaker packages fix vulnerability in theme-loading

Source: CCN
Type: Sun Alert ID: 55881
Sun Linux 5.0 Buffer Overflow in Window Maker 0.80.0 and Earlier

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-190

Source: DEBIAN
Type: DSA-190
wmaker -- buffer overflow

Source: XF
Type: Vendor Advisory
window-maker-image-bo(10560)

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:085

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:009

Source: REDHAT
Type: UNKNOWN
RHSA-2003:043

Source: BID
Type: Patch, Vendor Advisory
6119

Source: CCN
Type: BID-6119
WindowMaker Image Handling Buffer Overflow Vulnerability

Source: CCN
Type: Window Maker Web site
Window Maker - Your Next Window Manager

Source: XF
Type: UNKNOWN
window-maker-image-bo(10560)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:windowmaker:windowmaker:0.20.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.52.2:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.61:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.61.1:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.62:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.62.1:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.63:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.63.1:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.64:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.65:*:*:*:*:*:*:*
  • OR cpe:/a:windowmaker:windowmaker:0.80:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:linux:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:sgi:irix:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:190
    V
    		buffer overflow
    2002-11-07
    BACK
    windowmaker windowmaker 0.20.1.3
    windowmaker windowmaker 0.52.2
    windowmaker windowmaker 0.53
    windowmaker windowmaker 0.61
    windowmaker windowmaker 0.61.1
    windowmaker windowmaker 0.62
    windowmaker windowmaker 0.62.1
    windowmaker windowmaker 0.63
    windowmaker windowmaker 0.63.1
    windowmaker windowmaker 0.64
    windowmaker windowmaker 0.65
    windowmaker windowmaker 0.80
    redhat linux 6.2
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    conectiva linux 6.0
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    redhat linux 7.3
    debian debian linux 3.0
    redhat linux 8.0
    mandrakesoft mandrake linux 9.0
    sun linux 5.0.7
    redhat enterprise linux 2.1
    sgi irix 2.3.1
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2