Vulnerability CVE-2007-4568

Vulnerability Name:

CVE-2007-4568 (CCN-36919)

Assigned:

2007-10-02

Published:

2007-10-02

Updated:

2023-02-13

Summary:

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Gain Access

References:

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2007-4568

Source: CCN
Type: Apple Web site
About the security content of Mac OS X 10.5.2 and Security Update 2008-001

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: RHSA-2008-0029
Important: XFree86 security update

Source: CCN
Type: RHSA-2008-0030
Important: xorg-x11 security update

Source: CCN
Type: SA27040
X.Org X11 X Font Server Multiple Vulnerabilities

Source: CCN
Type: SA27060
XFree86 X Font Server Multiple Vulnerabilities

Source: CCN
Type: SA27176
Sun Solaris X Font Server Multiple Vulnerabilities

Source: CCN
Type: SA28891
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SA29420
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SECTRACK ID: 1018763
X Font Server Overflows in QueryXBitmaps and QueryXExtents Requests Let Remote Users Execute Arbitrary Code

Source: CCN
Type: Sun Alert ID: 103114
Multiple Security Issues Within The X Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2007-444
Multiple Security Issues Within The X Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers (Sun 103114)

Source: CCN
Type: ASA-2008-035
XFree86 security update (RHSA-2008-0029)

Source: CCN
Type: ASA-2008-036
xorg-x11 security update (RHSA-2008-0030)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-1385
xfs -- several vulnerabilities

Source: CCN
Type: GLSA-200710-11
X Font Server: Multiple Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-25898
X.Org X Font Server Multiple Memory Corruption Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: US Government Resource
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: X.Org Foundation Web site
X.Org Wiki - Home

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
xfs-protocol-requests-bo(36919)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: iDefense PUBLIC ADVISORY: 10.02.07
Multiple Vendor X Font Server Multiple Vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20074568	V	CVE-2007-4568	2022-06-30
oval:org.opensuse.security:def:113600	P	xorg-x11-7.6_1-16.13 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26220	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26186	P	Security update for libqt4 (Important)	2021-12-22
oval:org.opensuse.security:def:42251	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:32241	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31312	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:31311	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:26170	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:26163	P	Security update for bind (Important)	2021-11-11
oval:org.opensuse.security:def:33023	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:106984	P	xorg-x11-7.6_1-16.13 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:26126	P	Security update for Mesa (Moderate)	2021-09-16
oval:org.opensuse.security:def:31678	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:26112	P	Security update for sssd (Important)	2021-08-30
oval:org.opensuse.security:def:32984	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:32162	P	Security update for libcares2 (Important)	2021-08-16
oval:org.opensuse.security:def:32136	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:26082	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:32131	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31206	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26073	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:36329	P	xorg-x11-7.4-9.65.46 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42736	P	xorg-x11-7.4-9.65.46 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32105	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31621	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:32087	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31612	P	Security update for gdm (Important)	2021-04-28
oval:org.opensuse.security:def:26035	P	Security update for apache-commons-io (Moderate)	2021-04-26
oval:org.opensuse.security:def:42059	P	Security update for wpa_supplicant (Moderate)	2021-04-13
oval:org.opensuse.security:def:32065	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:32280	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31730	P	Security update for bind (Important)	2021-02-18
oval:org.opensuse.security:def:31338	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:32249	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31323	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31744	P	Security update for MozillaFirefox (Important)	2021-01-12
oval:org.opensuse.security:def:32192	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:25979	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:32013	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:25971	P	Security update for fontforge (Moderate)	2020-12-04
oval:org.opensuse.security:def:42467	P	xorg-x11-7.4-9.62.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35652	P	xorg-x11-7.4-9.24.15 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35844	P	xorg-x11-7.4-9.47.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36060	P	xorg-x11-7.4-9.62.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31796	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32461	P	Security update for xorg-x11-libXdmcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:32615	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25204	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:25488	P	Security update for file-roller (Low)	2020-12-01
oval:org.opensuse.security:def:25833	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25394	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25598	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:25685	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26327	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27058	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27292	P	squid on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31121	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31430	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31786	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31940	P	Recommended update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:31529	P	Security update for rzsz (Moderate)	2020-12-01
oval:org.opensuse.security:def:31921	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:31980	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31807	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32510	P	file-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33253	P	sblim-sfcb on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25215	P	Security update for systemd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25545	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25882	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:26617	P	nagios on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25395	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25679	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25813	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:26341	P	Security update for fmpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25954	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26304	P	Security update for python-keystoneclient (Moderate)	2020-12-01
oval:org.opensuse.security:def:26596	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27327	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31132	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:31487	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:31835	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32578	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31977	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31526	P	Security update for rsyslog (Moderate)	2020-12-01
oval:org.opensuse.security:def:32302	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:31881	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:32549	P	libdrm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33292	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25279	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25629	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25406	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25736	P	Security update for mozilla-nspr, mozilla-nss (Moderate)	2020-12-01
oval:org.opensuse.security:def:26808	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25610	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25894	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:26239	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26385	P	Security update for go (Moderate)	2020-12-01
oval:org.opensuse.security:def:25878	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26455	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26610	P	log4net on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31574	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:31874	P	Security update for cyrus-imapd (Important)	2020-12-01
oval:org.opensuse.security:def:32617	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32026	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32769	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31527	P	Security update for Ruby	2020-12-01
oval:org.opensuse.security:def:31836	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:32346	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31795	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:32405	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:32571	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25203	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25407	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25780	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25935	P	Security update for libcares2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25470	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:25820	P	Security update for xerces-c (Moderate)	2020-12-01
oval:org.opensuse.security:def:26843	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25621	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25951	P	Security update for pcsc-lite (Moderate)	2020-12-01
oval:org.opensuse.security:def:26288	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:27023	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25879	P	Security update for pidgin-otr (Important)	2020-12-01
oval:org.opensuse.security:def:26508	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:26654	P	xpdf-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:31896	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31397	P	Security update for perl (Low)	2020-12-01
oval:org.opensuse.security:def:31765	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32808	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31538	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:31893	P	Security update for expat (Moderate)	2020-12-01
oval:org.mitre.oval:def:18113	P	DSA-1385-1 xfs	2014-06-23
oval:org.mitre.oval:def:10882	V	Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.	2013-04-29
oval:com.redhat.rhsa:def:20080029	P	RHSA-2008:0029: XFree86 security update (Important)	2008-03-20
oval:com.redhat.rhsa:def:20080030	P	RHSA-2008:0030: xorg-x11 security update (Important)	2008-03-20
oval:org.debian:def:1385	V	several vulnerabilities	2007-10-09

BACK