JVN#88935101
X.Org Foundation X server buffer overflow vulnerability
Overview
X server provided by the X.Org Foundation contains a buffer overflow vulnerability.
Products Affected
For more information, refer to each vendor's website.
Description
The X.Org Foundation provides an open source implementation of the X Window System. The X server of this implementation contains a vulnerability in the handling of Portable Compiled Font (PCF) format fonts that can be exploited to cause a buffer overflow.
Impact
An attacker with an established, authenticated connection to the X server could execute arbitrary code with the privilege of X server process or cause the server to crash.
Solution
Update the Software
Apply the latest updates provided by the vendors.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Allied Telesis K.K. | Not Vulnerable | 2009年03月03日 | |
| FUJITSU LIMITED | Vulnerable | 2015年10月13日 |
References
JPCERT/CC Addendum
X.Org Foundation released the X.Org security advisory on January 17, 2008, and CERT/CC released VU#203220 on March 19, 2008 regarding this vulnerability issue.
Vulnerability Analysis by JPCERT/CC
Credit
Takuya Shiozaki of CODE blog (codeblog.org) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
Update History
- 2008年06月12日
- The first English advisory of this issue was published.
- 2008年07月17日
- Information under the section "References" was added.
- 2015年10月21日
- FUJITSU LIMITED update status