Vulnerability CVE-2013-1996

Vulnerability Name:

CVE-2013-1996 (CCN-84518)

Assigned:

2013-05-23

Published:

2013-05-23

Updated:

2015-10-16

Summary:

X.org libFS 1.0.4 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the FSOpenServer function.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2013-1996

Source: CCN
Type: SA53576
X.Org libFS "FSOpenServer()" Sign-Extension Vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-2687

Source: DEBIAN
Type: DSA-2687
libfs -- several vulnerabilities

Source: CCN
Type: oss-sec mailing list, Thu, 23 May 2013 08:10:56 -0700
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries

Source: MLIST
Type: UNKNOWN
[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries

Source: BID
Type: UNKNOWN
60130

Source: CCN
Type: BID-60130
X.Org libFS 'FSOpenServer()' Memory Corruption Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1853-1

Source: CCN
Type: X.Org Foundation Web site
X.Org Wiki - Home

Source: CONFIRM
Type: Vendor Advisory
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

Source: XF
Type: UNKNOWN
libfs-cve20131996-bo(84518)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-1996

Vulnerable Configuration:

Configuration 1:

cpe:/a:x:libfs:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:x:libfs:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:x:libfs:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:x:libfs:*:*:*:*:*:*:*:* (Version <= 1.0.4)

Configuration CCN 1:

cpe:/a:x:libfs:1.0.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20131996	V	CVE-2013-1996	2023-06-22
oval:org.opensuse.security:def:7548	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:693	P	Security update for ceph (Important)	2022-08-16
oval:org.opensuse.security:def:94598	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2968	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:109	P	libXinerama-devel-1.1.3-1.22 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:96	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:392	P	xscreensaver-6.03-150400.1.6 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:112549	P	libFS-devel-1.0.7-1.8 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26172	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:33736	P	Security update for qemu (Important)	2021-11-09
oval:org.opensuse.security:def:33035	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:106038	P	Security update for apache2 (Important)	2021-10-12
oval:org.opensuse.security:def:26144	P	Security update for libqt5-qtsvg (Moderate)	2021-10-11
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:89636	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103291	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61481	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96601	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71222	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:32171	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-08-25
oval:org.opensuse.security:def:1025	P	Security update for fetchmail (Moderate)	2021-08-20
oval:org.opensuse.security:def:47691	P	libapr-util1-1.5.3-2.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47629	P	gpgme-1.5.1-1.11 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47545	P	SuSEfirewall2-3.6.312.333-3.13.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47331	P	libarchive13-3.1.2-25.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47183	P	xfsprogs-4.3.0-8.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47091	P	libvdpau1-1.1.1-6.73 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46959	P	groff-1.22.2-5.287 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48141	P	libldap-2_4-2-2.4.41-18.63.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48070	P	libSoundTouch0-1.7.1-5.11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48039	P	gvim-7.4.326-17.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47974	P	coolkey-1.1.0-148.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47912	P	update-alternatives-1.18.4-14.216 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47828	P	minicom-2.7-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47614	P	gd-2.1.0-24.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47466	P	perl-HTML-Parser-3.71-1.145 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47374	P	libmicrohttpd10-0.9.30-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47242	P	dosfstools-3.0.26-6.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47049	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46928	P	dovecot22-2.2.13-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46914	P	ctags-5.8-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46913	P	cron-4.2-58.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47858	P	powerpc-utils-1.3.5-3.8 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47787	P	libspice-server1-0.12.8-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47756	P	libopenvswitch-2_8-0-2.8.4-3.36 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:100872	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71855	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62114	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:67539	P	Security update for the Linux Kernel (Important)	2021-07-14
oval:org.opensuse.security:def:32956	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:69680	P	Security update for cryptctl (Important)	2021-06-23
oval:org.opensuse.security:def:49080	P	Security update for Salt (Important)	2021-06-21
oval:org.opensuse.security:def:93749	P	(Important)	2021-06-18
oval:org.opensuse.security:def:32944	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:48779	P	imobiledevice-tools-1.2.0-7.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61198	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36583	P	xorg-x11-devel-32bit-7.4-8.26.44.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46766	P	libraptor2-0-2.0.10-3.67 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46645	P	dnsmasq-2.71-8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46631	P	coreutils-8.22-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46630	P	coolkey-1.1.0-147.71 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:34458	P	Security update for apache2-mod_auth_openidc (Important)	2021-06-08
oval:org.opensuse.security:def:70879	P	clamav-0.100.0-1.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70939	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48550	P	libsoup-2_4-1-2.54.1-4.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70992	P	libminizip1-1.2.11-1.422 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48496	P	libgnomesu-2.0.0-353.6.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42745	P	xorg-x11-libs-32bit-7.4-8.26.44.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36338	P	xorg-x11-libs-32bit-7.4-8.26.44.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48833	P	gcc48-gij-32bit-4.8.5-30.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:29374	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:34418	P	Security update for curl (Moderate)	2021-04-28
oval:org.opensuse.security:def:26208	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:33780	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:28946	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:69785	P	Security update for webkit2gtk3 (Important)	2021-02-24
oval:org.opensuse.security:def:32258	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:28935	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:28934	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:33712	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:26091	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:32945	P	Security update for mutt (Moderate)	2021-01-22
oval:org.opensuse.security:def:33673	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:26133	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:32114	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:32022	P	Security update for xen (Moderate)	2020-12-29
oval:org.opensuse.security:def:66429	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:33624	P	Security update for openssh (Moderate)	2020-12-16
oval:org.opensuse.security:def:71523	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116686	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107128	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61782	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:100462	P	libFS-devel-1.0.7-1.22 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26474	P	Security update for znc (Moderate)	2020-12-01
oval:org.opensuse.security:def:26417	P	Security update for Mozilla Thunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:27301	P	sysstat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26336	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:29731	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:67639	P	libFS-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29687	P	Security update for evince	2020-12-01
oval:org.opensuse.security:def:33301	P	xorg-x11-libs-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29669	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:29630	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:33262	P	stunnel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29581	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:29527	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:49134	P	libFS-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27336	P	xorg-x11-libs-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29289	P	Security update for Real Time Linux Kernel	2020-12-01
oval:org.opensuse.security:def:29232	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:27546	P	python-logilab-common on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25887	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:29146	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32624	P	NetworkManager on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29015	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32580	P	mozilla-xulrunner191 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32558	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32519	P	ghostscript-fonts-other on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32470	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:32414	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26663	P	PolicyKit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64292	P	libFS-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26619	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27581	P	xorg-x11-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26605	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64205	P	aaa_base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26566	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30369	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31890	P	Security update for exempi (Moderate)	2020-12-01
oval:org.opensuse.security:def:26464	P	Security update for enigmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:31816	P	Security update for apport (Moderate)	2020-12-01
oval:org.opensuse.security:def:26313	P	Security update for python-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26229	P	Security update for xawtv (Moderate)	2020-12-01
oval:org.opensuse.security:def:31804	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:73002	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:33567	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26908	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25963	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33410	P	Security update for python-pycrypto (Important)	2020-12-01
oval:org.opensuse.security:def:26864	P	apache2-mod_perl on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30406	P	Security update for xorg-x11-libs	2020-12-01
oval:org.opensuse.security:def:25899	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:33322	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26850	P	LibVNCServer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66337	P	Mesa on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:33265	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26811	P	python on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33170	P	libotr2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26762	P	libpython2_6-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26709	P	gmime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26558	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73120	P	libFS-devel on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:25916	P	SUSE-SU-2013:1183-1 -- Security update for xorg-x11	2015-03-16
oval:org.mitre.oval:def:25958	P	SUSE-SU-2014:0881-1 -- Security update for xorg-x11-libs	2014-09-15
oval:org.mitre.oval:def:25969	P	SUSE-SU-2013:1103-1 -- Security update for xorg-x11-libs	2014-09-08
oval:org.mitre.oval:def:25829	P	SUSE-SU-2013:1103-2 -- Security update for xorg-x11-libs	2014-09-08
oval:org.mitre.oval:def:16878	P	USN-1853-1 -- libfs vulnerability	2014-07-14
oval:org.mitre.oval:def:18576	P	DSA-2687-1 libfs - several	2014-06-23
oval:com.ubuntu.precise:def:20131996000	V	CVE-2013-1996 on Ubuntu 12.04 LTS (precise) - medium.	2013-06-15

BACK