CVE-2006-1861
CVSS 7.5
Published: 2006-05-23 06:06:00
Last revised: 2011-03-07 00:00:00

[Original text] Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.


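[CNNVD] FreeType PCF Font Handling Integer Overflow Vulnerability (CNNVD-200605-433)

        FreeType is a popular font library.
        FreeType has an integer overflow when processing PCF fonts; a remote attacker may exploit this vulnerability to execute arbitrary instructions on the user's machine.
        If a user is tricked into loading a specially crafted font file with an application linked against FreeType, the result is a denial of service or arbitrary code execution.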

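- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-189 [Numeric Errors]

- CPE (affected platforms and products)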

cpe:/a:freetype:freetype:2.1.10  FreeType 2.1.10
cpe:/a:freetype:freetype:2.1.7  FreeType 2.1.7
cpe:/a:freetype:freetype:2.1.4  FreeType 2.1.4
cpe:/a:freetype:freetype:2.1.3  FreeType 2.1.3
cpe:/a:freetype:freetype:2.1.6  FreeType 2.1.6
cpe:/a:freetype:freetype:2.1.8_rc1  FreeType 2.1.8 rc1
cpe:/a:freetype:freetype:2.0.9  FreeType 2.0.9
cpe:/a:freetype:freetype:2.1.8  FreeType 2.1.8
cpe:/a:freetype:freetype:2.1.9  FreeType 2.1.9
cpe:/a:freetype:freetype:2.1.5  FreeType 2.1.5

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9124  Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary...
*OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1861
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-433
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/26553
(PATCH)  XF  freetype-lwfn-overflow(26553)
http://www.securityfocus.com/bid/18034
(PATCH)  BID  18034
http://sourceforge.net/project/shownotes.php?release_id=416463
(PATCH)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=416463
http://secunia.com/advisories/20100
(VENDOR_ADVISORY)  SECUNIA  20100
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
(UNKNOWN)  FEDORA  FEDORA-2009-5644
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
(UNKNOWN)  FEDORA  FEDORA-2009-5558
https://issues.rpath.com/browse/RPL-429
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-429
https://bugzilla.redhat.com/show_bug.cgi?id=502565
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=502565
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606
http://www.vupen.com/english/advisories/2007/0381
(VENDOR_ADVISORY)  VUPEN  ADV-2007-0381
http://www.vupen.com/english/advisories/2006/1868
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1868
http://www.ubuntulinux.org/support/documentation/usn/usn-291-1
(UNKNOWN)  UBUNTU  USN-291-1
http://www.securityfocus.com/archive/1/archive/1/436836/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060612 rPSA-2006-0100-1 freetype
http://www.redhat.com/support/errata/RHSA-2009-1062.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2009:1062
http://www.redhat.com/support/errata/RHSA-2009-0329.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2009:0329
http://www.redhat.com/support/errata/RHSA-2006-0500.html
(UNKNOWN)  REDHAT  RHSA-2006:0500
http://www.mandriva.com/security/advisories?name=MDKSA-2006:099
(UNKNOWN)  MANDRIVA  MDKSA-2006:099
http://www.gentoo.org/security/en/glsa/glsa-200710-09.xml
(UNKNOWN)  GENTOO  GLSA-200710-09
http://www.debian.org/security/2006/dsa-1095
(UNKNOWN)  DEBIAN  DSA-1095
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
http://support.apple.com/kb/HT3438
(UNKNOWN)  CONFIRM  http://support.apple.com/kb/HT3438
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
(UNKNOWN)  SUNALERT  102705
http://securitytracker.com/id?1016522
(UNKNOWN)  SECTRACK  1016522
http://security.gentoo.org/glsa/glsa-200607-02.xml
(UNKNOWN)  GENTOO  GLSA-200607-02
http://secunia.com/advisories/35233
(VENDOR_ADVISORY)  SECUNIA  35233
http://secunia.com/advisories/35204
(VENDOR_ADVISORY)  SECUNIA  35204
http://secunia.com/advisories/35200
(VENDOR_ADVISORY)  SECUNIA  35200
http://secunia.com/advisories/33937
(VENDOR_ADVISORY)  SECUNIA  33937
http://secunia.com/advisories/27271
(VENDOR_ADVISORY)  SECUNIA  27271
http://secunia.com/advisories/27167
(VENDOR_ADVISORY)  SECUNIA  27167
http://secunia.com/advisories/27162
(VENDOR_ADVISORY)  SECUNIA  27162
http://secunia.com/advisories/23939
(VENDOR_ADVISORY)  SECUNIA  23939
http://secunia.com/advisories/21701
(VENDOR_ADVISORY)  SECUNIA  21701
http://secunia.com/advisories/21385
(VENDOR_ADVISORY)  SECUNIA  21385
http://secunia.com/advisories/21135
(VENDOR_ADVISORY)  SECUNIA  21135
http://secunia.com/advisories/21062
(VENDOR_ADVISORY)  SECUNIA  21062
http://secunia.com/advisories/21000
(VENDOR_ADVISORY)  SECUNIA  21000
http://secunia.com/advisories/20791
(VENDOR_ADVISORY)  SECUNIA  20791
http://secunia.com/advisories/20638
(VENDOR_ADVISORY)  SECUNIA  20638
http://secunia.com/advisories/20591
(VENDOR_ADVISORY)  SECUNIA  20591
http://secunia.com/advisories/20525
(VENDOR_ADVISORY)  SECUNIA  20525
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html
(UNKNOWN)  SUSE  SUSE-SA:2006:037
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
(UNKNOWN)  SUSE  SUSE-SR:2007:021
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2009-02-12
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
(UNKNOWN)  SGI  20060701-01-U

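- Vulnerability information

FreeType PCF Font Handling Integer Overflow Vulnerability
High risk  Buffer overflow
2006-05-23 00:00:00 2009-08-19 00:00:00
Remote
        FreeType is a popular font library.
        FreeType has an integer overflow when processing PCF fonts; a remote attacker may exploit this vulnerability to execute arbitrary instructions on the user's machine.
        If a user is tricked into loading a specially crafted font file with an application linked against FreeType, the result is a denial of service or arbitrary code execution.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links: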
        http://www.debian.org/security/2006/dsa-1193
        http://lwn.net/Alerts/196520
        ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U.asc
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102714-1
        http://prdownloads.sourceforge.net/freetype/freetype-2.2.1.tar.bz2?download

- Vulnerability information (F90151)

Gentoo Linux Security Advisory 201006-1 (PacketStormID:F90151)
2010-06-02 00:00:00
Gentoo  security.gentoo.org
advisory,remote,arbitrary,vulnerability
linux,gentoo
CVE-2006-1861,CVE-2007-2754

Gentoo Linux Security Advisory 201006-1 - Multiple vulnerabilities in FreeType might result in the remote execution of arbitrary code. Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Versions less than 1.4_pre20080316-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201006-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: FreeType 1: User-assisted execution of arbitrary code
      Date: June 01, 2010
      Bugs: #271234
        ID: 201006-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in FreeType might result in the remote
execution of arbitrary code.

Background
==========

FreeType is a True Type Font rendering library.

Affected packages
=================

    -------------------------------------------------------------------
     Package   /       Vulnerable       /                   Unaffected
    -------------------------------------------------------------------
  1  freetype     < 1.4_pre20080316-r2           >= 1.4_pre20080316-r2

Description
===========

Multiple issues found in FreeType 2 were also discovered in FreeType 1.
For details on these issues, please review the Gentoo Linux Security
Advisories and CVE identifiers referenced below.

Impact
======

A remote attacker could entice a user to open a specially crafted TTF
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running FreeType.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FreeType 1 users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/freetype-1.4_pre20080316-r2"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since May 27, 2009. It is likely that your system is already
no longer affected by this issue.

References
==========

  [ 1 ] CVE-2006-1861
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
  [ 2 ] CVE-2007-2754
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
  [ 3 ] GLSA 200607-02
        http://www.gentoo.org/security/en/glsa/glsa-200607-02.xml
  [ 4 ] GLSA 200705-22
        http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201006-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    

- Vulnerability information (F59963)

Gentoo Linux Security Advisory 200710-9 (PacketStormID:F59963)
2007-10-10 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2006-1861

Gentoo Linux Security Advisory GLSA 200710-09 - Chris Evans reported an integer overflow within the FreeType PCF font file parser. NX and NX Node are vulnerable to this due to shipping XFree86 4.3.0, which includes the vulnerable FreeType code. Versions less than 3.0.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200710-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: NX 2.1: User-assisted execution of arbitrary code
      Date: October 09, 2007
      Bugs: #192712
        ID: 200710-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

NX in the 2.1 series uses XFree86 4.3 code which is prone to an integer
overflow vulnerability.

Background
==========

NoMachine's NX establishes remote connections to X11 desktops over
small bandwidth links. NX and NX Node are the compression core
libraries, whereas NX is used by FreeNX and NX Node by the binary-only
NX servers.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-misc/nx           < 3.0.0                            >= 3.0.0
  2  net-misc/nxnode     < 3.0.0-r3                        >= 3.0.0-r3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Chris Evans reported an integer overflow within the FreeType PCF font
file parser (CVE-2006-1861). NX and NX Node are vulnerable to this due
to shipping XFree86 4.3.0, which includes the vulnerable FreeType code.

Impact
======

A remote attacker could exploit these integer overflows by enticing a
user to load a specially crafted PCF font file which might lead to the
execution of arbitrary code with the privileges of the user on the
machine running the NX server.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All NX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nx-3.0.0"

All NX Node users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/nxnode-3.0.0-r3"

References
==========

  [ 1 ] CVE-2006-1861
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
  [ 2 ] GLSA 200607-02
        http://www.gentoo.org/security/en/glsa/glsa-200607-02.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200710-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
    

- Vulnerability information (F48451)

Mandriva Linux Security Advisory 2006.129 (PacketStormID:F48451)
2006-07-24 00:00:00
Mandriva  mandriva.com
advisory,overflow,arbitrary
linux,mandriva
CVE-2006-3467,CVE-2006-1861

Mandriva Linux Security Advisory MDKSA-2006-129 - An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user.

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:129
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : freetype2
 Date    : July 20, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 An additional overflow, similar to those corrected by patches for 
 CVE-2006-1861 was found in libfreetype.  If a user loads a carefully 
 crafted font file with a program linked against FreeType, it could cause 
 the application to crash or execute arbitrary code as the user. 
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

    

- Vulnerability information

25654
FreeType base/ftmac.c read_lwfn() Function LWFN File Handling Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

- Timeline

2006-05-02 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

FreeType LWFN Files Buffer Overflow Vulnerability
Boundary Condition Error 18034
Yes No
2006-05-19 12:00:00 2010-06-01 05:50:00
The vendor disclosed this issue.

- Affected software versions

X.org LibXfont 0.99.0
VMWare ESX Server 2.5.4
VMWare ESX Server 2.5.3
VMWare ESX Server 2.1.3
VMWare ESX Server 2.0.2
VMWare ESX Server 2.5.3 Patch 2
VMWare ESX Server 2.1.3 Patch 1
VMWare ESX Server 2.0.2 Patch 1
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Trustix Operating System Enterprise Server 2.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise SDK 10
SuSE Linux 10.3
SuSE Linux 10.2
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
Sun Solaris 10_sparc
Sun Java Desktop System (JDS) 2.0
Slackware Linux 10.2
Slackware Linux -current
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 10.1
S.u.S.E. Linux 10.0
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora 8
Red Hat Fedora 10
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo media-libs/freetype 2.1.10-r1
Gentoo Linux
FreeType FreeType 2.2.10
FreeType FreeType 2.1.10
FreeType FreeType 2.1.9
FreeType FreeType 2.1.7
FreeType FreeType 2.0.9
FreeType FreeType 1.3.1
FreeType FreeType 2.2
FreeType FreeType 0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Proactive Contact 3.0.2
Avaya Proactive Contact 4.1
Avaya Proactive Contact 4.0
Avaya Proactive Contact 3.0
Avaya Proactive Contact 0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Message Networking
Avaya Intuity AUDIX LX 2.0 SP2
Avaya Intuity AUDIX LX 2.0 SP1
Avaya Intuity AUDIX LX 2.0
Avaya Intuity AUDIX LX 1.0
Avaya Intuity LX
Avaya Interactive Response 1.3
Avaya Interactive Response 2.0
Avaya CMS Server 13.0
Avaya CMS Server 12.0
Avaya CMS Server 11.0
Avaya CMS Server 9.0
Avaya CMS Server 13.1
Avaya Aura Application Enablement Services 4.2.2
Avaya Aura Application Enablement Services 4.2.1
Avaya Aura Application Enablement Services 4.0.1
Avaya Aura Application Enablement Services 3.1.6
Avaya Aura Application Enablement Services 3.1.5
Avaya Aura Application Enablement Services 3.1.4
Avaya Aura Application Enablement Services 3.1.3
Avaya Aura Application Enablement Services 4.2
Avaya Aura Application Enablement Services 4.1
Avaya Aura Application Enablement Services 4.0
Avaya Aura Application Enablement Services 3.1
Avaya Aura Application Enablement Services 3.0

- Unaffected software versions

VMWare ESX Server 2.5.4 Patch 1
VMWare ESX Server 2.5.3 Patch 4
VMWare ESX Server 2.1.3 Patch 2
VMWare ESX Server 2.0.2 Patch 2
FreeType FreeType 2.2.1
+ OpenPKG OpenPKG E1.0-Solid
+ Trustix Secure Linux 3.0.5
+ Trustix Secure Linux 3.0
+ Trustix Secure Linux 2.2

- Discussion

FreeType is prone to a buffer-overflow vulnerability because of an integer overflow that causes a buffer to be overrun with attacker-supplied data.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely crash applications, denying service to legitimate users.

Versions prior to FreeType 2.2.1 are vulnerable.

- Exploit

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Vendor updates are available. Please see the references for more information.


Sun Solaris 8_sparc

FreeType FreeType 0

FreeType FreeType 2.2

FreeType FreeType 1.3.1

FreeType FreeType 2.1.7

MandrakeSoft Corporate Server 3.0

Trustix Secure Linux 3.0

- Related references

 

 
