CVE-2004-0084
CVSS 10.0
Published: 2004-03-03 00:00:00
Last revised: 2017-10-10 21:29:20

[Original] Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.


[CNNVD] XFree86 CopyISOLatin1Lowered Font_Name local buffer overflow vulnerability (CNNVD-200403-016)

        
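        XFree86 is a popular X server.
        The XFree86 X Window System lacks proper bounds checking when processing the 'font.alias' file. A local attacker can exploit this to carry out a buffer overflow attack and escalate privileges.
        The problem lies in how the CopyISOLatin1Lowered() function handles the 'font_name' buffer. When parsing the 'font.alias' file, the ReadFontAlias() function uses the length of the input string as the copy limit instead of the size of the destination buffer. A malicious user can craft a malformed 'font.alias' file and induce a user to parse it, executing arbitrary instructions with root privileges.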
        

- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:xfree86_project:x11r6:4.1.0
cpe:/a:xfree86_project:x11r6:4.1.11
cpe:/a:xfree86_project:x11r6:4.1.12
cpe:/a:xfree86_project:x11r6:4.2.0
cpe:/a:xfree86_project:x11r6:4.2.1
cpe:/a:xfree86_project:x11r6:4.2.1::errata
cpe:/a:xfree86_project:x11r6:4.3.0
cpe:/o:openbsd:openbsd:3.3 OpenBSD 3.3
cpe:/o:openbsd:openbsd:3.4 OpenBSD 3.4

- OVAL (technical details for detection)

oval:org.mitre.oval:def:831 XFree86 Buffer Overflow in CopyISOLatin1Lowered Function
oval:org.mitre.oval:def:807 Red Hat XFree86 Buffer Overflow in ReadFontAlias II
oval:org.mitre.oval:def:10405 Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remot...
*OVAL describes in detail how to detect this vulnerability; the related OVAL definitions contain further technical details on detecting it.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0084
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0084
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-016
(Official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
(UNKNOWN)  CONECTIVA  CLA-2004:821
http://marc.info/?l=bugtraq&m=107662833512775&w=2
(UNKNOWN)  BUGTRAQ  20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
http://marc.info/?l=bugtraq&m=110979666528890&w=2
(UNKNOWN)  FEDORA  FLSA:2314
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
(UNKNOWN)  SUNALERT  57768
http://www.debian.org/security/2004/dsa-443
(UNKNOWN)  DEBIAN  DSA-443
http://www.idefense.com/application/poi/display?id=73
(UNKNOWN)  MISC  http://www.idefense.com/application/poi/display?id=73
http://www.kb.cert.org/vuls/id/667502
(UNKNOWN)  CERT-VN  VU#667502
http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
(UNKNOWN)  MANDRAKE  MDKSA-2004:012
http://www.novell.com/linux/security/advisories/2004_06_xf86.html
(UNKNOWN)  SUSE  SuSE-SA:2004:006
http://www.redhat.com/support/errata/RHSA-2004-059.html
(UNKNOWN)  REDHAT  RHSA-2004:059
http://www.redhat.com/support/errata/RHSA-2004-060.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:060
http://www.redhat.com/support/errata/RHSA-2004-061.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:061
http://www.securityfocus.com/bid/9652
(VENDOR_ADVISORY)  BID  9652
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
(UNKNOWN)  SLACKWARE  SSA:2004-043
https://exchange.xforce.ibmcloud.com/vulnerabilities/15200
(UNKNOWN)  XF  xfree86-copyisolatin1lLowered-bo(15200)

- Vulnerability information

XFree86 CopyISOLatin1Lowered Font_Name local buffer overflow vulnerability
Critical  Boundary condition error
2004-03-03 00:00:00 2005-10-28 00:00:00
Local
        
        

- Advisories and patches

        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2004:821) and corresponding patches for this issue:
        CLA-2004:821: XFree86
        Link:
        http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000821

        Patch downloads:
        Conectiva Upgrade XFree86-100dpi-fonts-4.2.0-21U80_6cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-100dpi-fonts-4.2.0-21U80_6cl.i386.rpm
        Conectiva Upgrade XFree86-4.2.0-21U80_6cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-4.2.0-21U80_6cl.i386.rpm
        Conectiva Upgrade XFree86-75dpi-fonts-4.2.0-21U80_6cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-75dpi-fonts-4.2.0-21U80_6cl.i386.rpm
        Conectiva Upgrade XFree86-GL-4.2.0-21U80_6cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-GL-4.2.0-21U80_6cl.i386.rpm
        Conectiva Upgrade XFree86-GL-devel-4.2.0-21U80_6cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-GL-devel-4.2.0-21U80_6cl.i386.rpm
        Conectiva Upgrade XFree86-Server-4.2.0-21U80_6cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/XFree86-Server-4.2.0-21U80_6cl.i386.rpm
        Conectiva Upgrade XFree86-Server-common-4.2.0-21U80_6cl.i386.rpm