Published:2008/06/10  Last Updated:2008/07/17

JVN#88935101
X.Org Foundation X server buffer overflow vulnerability

Overview

X server provided by the X.Org Foundation contains a buffer overflow vulnerability.

Products Affected

For more information, refer to each vendor's website.

Description

The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.

Impact

An attacker with an established, authenticated connection to the X server could execute arbitrary code with the privilege of X server process or cause the server to crash.

Solution

Update the Software
Apply the latest updates provided by the vendors.

Vendor Status

Vendor Status Last Update Vendor Notes
FUJITSU LIMITED Vulnerable 2008/07/01
Allied Telesis K.K. Not Vulnerable 2009/03/03
Vendor Link
Fedora Project Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
Fedora 8 Update: libXfont-1.3.1-2.fc8
Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
Fedora 7 Update: libXfont-1.2.9-3.fc7
Gentoo Linux X.Org X server and Xfont library: Multiple vulnerabilities
Mandriva, Inc. Updated XFree86 packages fix multiple vulnerabilities
Updated xorg-x11 packages fix multiple vulnerabilities
OpenBSD OpenBSD 4.1 errata
OpenBSD 4.2 errata
Red Hat, Inc. XFree86 security update
xorg-x11 security update
libXfont security update
SUSE Linux SUSE Security Announcement: Xorg and XFree (SUSE-SA:2008:003)
Ubuntu libxfont, xorg-server vulnerabilities
X.Org Foundation X.Org security advisory: multiple vulnerabilities in the X server

References

  1. US-CERT Vulnerability Note VU#203220
    X.Org PCF font parser buffer overflow
  2. IPA
    Security Alert for X.Org Foundation X Server Vulnerability

JPCERT/CC Addendum

X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.

Vulnerability Analysis by JPCERT/CC

Analyzed on 2008.06.10

Measures Conditions Severity
Access Required Routed - can be attacked over the Internet using packets
  • High
Authentication Standard - login caused to be created by an administrator
  • Low-Medium
User Interaction Required Complex - the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious
  • Low
Exploit Complexity Low - little to no expertise and/or luck required to exploit (cross-site scripting)
  • High

Description of each analysis measures

Credit

Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2008-0006
JVN iPedia JVNDB-2008-001043

Update History

2008/06/12
The first English advisory of this issue was published.
2008/07/17
Information under the section "References" was added.