Technical Description

Two vulnerabilities have been identified in X.Org X11, which could be exploited by malicious users to obtain elevated privileges or cause a denial of service.

The first issue is due to an integer overflow error in the "CIDAFM()" [Type1/afm.c] function when processing AFM (Adobe Font Metrics) files, which could be exploited by local attackers to execute arbitrary commands with root privileges.

The second flaw is due to an integer overflow error in the "scan_cidfont()" [Type1/scanfont.c] function when processing malformed "CMap" and "CIDFont" font data, which could be exploited by local attackers to execute arbitrary commands with root privileges.

Affected Products

X.Org X11 versions 6.7.0 through 7.1
X.Org libXfont versions 1.2.x

Solution

Upgrade to libXfont version 1.2.2 :
http://xorg.freedesktop.org/releases/individual/lib/

Patch for X.Org 6.8.2 :
http://xorg.freedesktop.org/releases/X11R6.8.2/patches/xorg-68x-cidfonts.patch

Patch for X.Org 6.9.0 :
http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9.0-cidfonts.diff

Patch for X.Org 7.0 - libXfont 1.0.0 :
http://xorg.freedesktop.org/releases/X11R7.0/patches/libXfont-1.0.0-cidfonts.diff

Patch for X.Org 7.1 - libXfont 1.1.0 :
http://xorg.freedesktop.org/releases/X11R7.1/patches/libXfont-1.1.0-cidfonts.diff

References

http://www.vupen.com/english/advisories/2006/3581
http://lists.freedesktop.org/archives/xorg/2006-September/018021.html
http://idefense.com/intelligence/vulnerabilities/display.php?id=412
http://idefense.com/intelligence/vulnerabilities/display.php?id=411

Credits

Vulnerabilities reported by iDEFENSE

ChangeLog

2006-09-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.