Vulnerability Name: | CVE-2004-0084 (CCN-15200)
Assigned: | 2004-02-12
Published: | 2004-02-12
Updated: | 2017-10-11
Summary: | Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Privileges
References: |
Source: CCN Type: SCO Security Advisory SCOSA-2004.3 Xsco contains a buffer overflow that could be exploited to gain root privileges
Source: CCN Type: SCO Security Advisory SCOSA-2004.2 Xsco contains a buffer overflow that could be exploited to gain root privileges
Source: CCN Type: Sun Security Alert ID: 57768 Multiple Security Vulnerabilities in Xsun and Xprt Server Font Handling
Source: MITRE Type: CNA CVE-2004-0084
Source: CONECTIVA Type: UNKNOWN CLA-2004:821
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2004:821 XFree86
Source: BUGTRAQ Type: UNKNOWN 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
Source: FEDORA Type: UNKNOWN FLSA:2314
Source: CCN Type: RHSA-2004-059 Updated XFree86 packages fix privilege escalation vulnerability
Source: CCN Type: RHSA-2004-060 XFree86 security update
Source: CCN Type: RHSA-2004-061 XFree86 security update
Source: SUNALERT Type: UNKNOWN 57768
Source: CCN Type: CIAC Information Bulletin O-081 Red Hat Updated XFree86 Packages Fix Privilege Escalation Vulnerability
Source: DEBIAN Type: UNKNOWN DSA-443
Source: DEBIAN Type: DSA-443 xfree86 -- several vulnerabilities
Source: MISC Type: UNKNOWN http://www.idefense.com/application/poi/display?id=73
Source: CCN Type: iDEFENSE Security Advisory 02.12.04: XFree86 Font Information File Buffer Overflow II
Source: CCN Type: US-CERT VU#667502 XFree86 vulnerable to buffer overflow via error in `ReadFontAlias()` function
Source: CERT-VN Type: US Government Resource VU#667502
Source: CCN Type: Immunix Secured OS Security Advisory IMNX-2004-73-002-01 XFree86
Source: MANDRAKE Type: UNKNOWN MDKSA-2004:012
Source: SUSE Type: UNKNOWN SuSE-SA:2004:006
Source: REDHAT Type: UNKNOWN RHSA-2004:059
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:060
Source: REDHAT Type: Patch, Vendor Advisory RHSA-2004:061
Source: BID Type: Exploit, Patch, Vendor Advisory 9652
Source: CCN Type: BID-9652 XFree86 CopyISOLatin1Lowered Font_Name Buffer Overflow Vulnerability
Source: SLACKWARE Type: UNKNOWN SSA:2004-043
Source: CCN Type: slackware-security Mailing List, Thu, 12 Feb 2004 12:19:25 -0800 (PST) XFree86 security update (SSA:2004-043-02)
Source: CCN Type: TLSA-2004-5 Font file buffer overflows
Source: XF Type: UNKNOWN xfree86-copyisolatin1lLowered-bo(15200)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10405
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:807
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:831
Source: SUSE Type: SUSE-SA:2004:006 xf86/XFree86: local privilege escalation
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: Denotes that component is vulnerable