FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Buffer overflows in XFree86 servers

Affected packages
XFree86-Server <= 4.3.0_13
4.3.99 <= XFree86-Server <= 4.3.99.15_1

Details

VuXML ID 3837f462-5d6b-11d8-80e3-0020ed76ef5a
Discovery 2004-02-10
Entry 2004-02-12
Modified 2004-03-29

A number of buffer overflows were recently discovered in XFree86, prompted by initial discoveries by iDEFENSE. These buffer overflows are present in the font alias handling. An attacker with authenticated access to a running X server may exploit these vulnerabilities to obtain root privileges on the machine running the X server.

References

Bugtraq ID 9636
Bugtraq ID 9652
Bugtraq ID 9655
CVE Name CVE-2004-0083
CVE Name CVE-2004-0084
CVE Name CVE-2004-0106
URL http://www.idefense.com/application/poi/display?id=72
URL http://www.idefense.com/application/poi/display?id=73
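
The version ranges under "Affected packages" can be checked against a package inventory. The following is an added example, not part of the VuXML entry or of FreeBSD's tooling; the function names are hypothetical and the version comparison is a simplification that assumes dotted numeric versions with optional _PORTREVISION and ,PORTEPOCH suffixes.

```python
import re

# Affected ranges copied from the "Affected packages" list above:
# (lower bound or None, upper bound), both bounds inclusive.
AFFECTED = {
    "XFree86-Server": [(None, "4.3.0_13"), ("4.3.99", "4.3.99.15_1")],
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?$")


def parse_version(v):
    """Return a sortable key (epoch, components, portrevision).

    Simplified (assumption): only dotted numeric versions are accepted;
    letters or patch-level suffixes raise ValueError instead of guessing.
    """
    m = _VERSION_RE.match(v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 4.3 and 4.3.0 as equal
        parts.pop()
    return (int(m.group(3) or 0), tuple(parts), int(m.group(2) or 0))


def split_pkgname(pkg):
    """Split 'XFree86-Server-4.3.0_13' into ('XFree86-Server', '4.3.0_13')."""
    name, _, version = pkg.rpartition("-")
    if not name:
        raise ValueError(f"not a name-version string: {pkg!r}")
    return name, version


def is_affected(pkg):
    """True if the package falls inside one of the listed affected ranges."""
    name, version = split_pkgname(pkg)
    key = parse_version(version)
    for low, high in AFFECTED.get(name, []):
        if (low is None or parse_version(low) <= key) and key <= parse_version(high):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    for pkg in ["XFree86-Server-4.3.0_13", "XFree86-Server-4.3.0_14",
                "XFree86-Server-4.3.99.15_1", "XFree86-clients-4.3.0_5"]:
        print(f"{pkg}: {'AFFECTED' if is_affected(pkg) else 'ok'}")
```

On a FreeBSD host, `pkg audit -F` performs this kind of check against the full VuXML database.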