exploits , vulnerabilities , articles , X.Org X Font Server Multiple Memory Corruption Vulnerabilities

Title	X.Org X Font Server Multiple Memory Corruption Vulnerabilities
Published	2007-10-02-12:00AM
Updated	2008-03-19-02:10AM
Class	Unknown
CVE	CVE-2007-4568 E-2007-4990
Remote	Yes
Local	Yes
Credit	These vulnerabilities were discovered by Sean Larsson of VeriSign iDefense Labs.
Vulnerable	X.org xfs 1.0.4 Sun Solaris 10.0 _x86 Sun Solaris 10.0 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8 Sun Solaris 10_x86 Sun Solaris 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux 10.1 x8664 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x8664 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc rPath rPath Linux 1 RedHat Fedora 7 0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 IBM AIX 5.3 IBM AIX 5.2 HP HPUX B.11.31 HP HPUX B.11.23 HP HPUX B.11.11 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia64 Debian Linux 4.0 ia32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Proactive Contact 0 Avaya Predictive Dialer 0 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.5
Not Vulnerable	X.org xfs 1.0.5 Apple Mac OS X Server 10.5.2 Apple Mac OS X 10.5.2
Code	The following exploit module, which is reported to work on Solaris 8 and 10 installations, is available for members of the Immunity Partner's program:https://www.immunityinc.com/downloads/immpartners/xfs_swapchar2b.tgz
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability
• 2009-12-16 Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Multiple Vulnerabilities
• 2009-12-16 Merkaartor Insecure Temporary File Creation Vulnerability
• 2009-12-15 TYPO3 Watchdog (aba_watchdog) Unspecified Information Disclosure Vulnerability
• 2009-12-15 PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
• 2009-12-15 PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
• 2009-12-15 IBM DB2 prior to 9.5 Fix Pack 5 Multiple Unspecified Security Vulnerabilities
• 2009-12-15 Sun Ray Server Software Desktop Session Handling Local Security Bypass Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Wed, 16 Dec 2009 23:03:46 +0000