CVE-2008-0006

CVSS V2: High 7.5; CVSS V3: None
Description
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Overview
  • CVE ID: CVE-2008-0006
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2008-01-18T23:00:00
  • Last Modified Date: 2018-10-15T21:56:41
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sun:solaris_libfont:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:sun:solaris_libxfont:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:* 1 OR 1.4
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 7.5
  • Severity: HIGH
  • Exploitability Score: 10
  • Impact Score: 6.4
References
Reference URL Reference Tags
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1 Patch
http://www.kb.cert.org/vuls/id/203220 US Government Resource
http://www.securityfocus.com/bid/27336 Patch
http://www.redhat.com/support/errata/RHSA-2008-0029.html
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
http://www.securityfocus.com/bid/27352
http://securitytracker.com/id?1019232
http://secunia.com/advisories/28532 Vendor Advisory
http://secunia.com/advisories/28535 Vendor Advisory
http://secunia.com/advisories/28536 Vendor Advisory
http://secunia.com/advisories/28540 Vendor Advisory
http://secunia.com/advisories/28542 Vendor Advisory
http://secunia.com/advisories/28544 Vendor Advisory
http://secunia.com/advisories/28550 Vendor Advisory
http://bugs.gentoo.org/show_bug.cgi?id=204362
https://bugzilla.redhat.com/show_bug.cgi?id=428044
http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
http://secunia.com/advisories/28273 Vendor Advisory
http://secunia.com/advisories/28500 Vendor Advisory
http://secunia.com/advisories/28592 Vendor Advisory
http://secunia.com/advisories/28571 Vendor Advisory
http://secunia.com/advisories/28621 Vendor Advisory
https://issues.rpath.com/browse/RPL-2010
http://secunia.com/advisories/28718
http://www.openbsd.org/errata41.html#012_xorg
http://www.openbsd.org/errata42.html#006_xorg
http://secunia.com/advisories/28843
http://secunia.com/advisories/28885
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
http://secunia.com/advisories/28941
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
http://secunia.com/advisories/29139
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://secunia.com/advisories/29420
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
http://secunia.com/advisories/29622
http://security.gentoo.org/glsa/glsa-200804-05.xml
http://secunia.com/advisories/29707
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://secunia.com/advisories/30161
http://www.vupen.com/english/advisories/2008/3000
http://secunia.com/advisories/32545
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
http://jvn.jp/en/jp/JVN88935101/index.html
http://www.vupen.com/english/advisories/2008/0184
http://www.vupen.com/english/advisories/2008/0179
http://www.vupen.com/english/advisories/2008/0497/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/0703
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
https://usn.ubuntu.com/571-1/
http://www.securityfocus.com/archive/1/487335/100/0/threaded
History
Created Old Value New Value Data Type Notes
2022-05-10 18:19:02 Added to TrackCVE