CVE - CVE-2006-6101

CVE-ID
CVE-2006-6101	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20070109 Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463 MLIST:[x-org announce] 20070109 X.Org Security Advisory: multiple integer overflows in dbe and render extensions URL:http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html CONFIRM:https://issues.rpath.com/browse/RPL-920 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm DEBIAN:DSA-1249 URL:https://www.debian.org/security/2007/dsa-1249 GENTOO:GLSA-200701-25 URL:http://security.gentoo.org/glsa/glsa-200701-25.xml HP:HPSBUX02225 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678 HP:SSRT071295 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678 MANDRIVA:MDKSA-2007:005 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:005 NETBSD:NetBSD-SA2007-002 URL:http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc REDHAT:RHSA-2007:0002 URL:http://www.redhat.com/support/errata/RHSA-2007-0002.html REDHAT:RHSA-2007:0003 URL:http://www.redhat.com/support/errata/RHSA-2007-0003.html SLACKWARE:SSA:2007-066-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555 SUNALERT:102803 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1 SUSE:SUSE-SA:2007:008 URL:http://www.novell.com/linux/security/advisories/2007_08_x.html UBUNTU:USN-403-1 URL:http://www.ubuntu.com/usn/usn-403-1 BID:21968 URL:http://www.securityfocus.com/bid/21968 OVAL:oval:org.mitre.oval:def:10490 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490 VUPEN:ADV-2007-0108 URL:http://www.vupen.com/english/advisories/2007/0108 VUPEN:ADV-2007-0109 URL:http://www.vupen.com/english/advisories/2007/0109 VUPEN:ADV-2007-0589 URL:http://www.vupen.com/english/advisories/2007/0589 VUPEN:ADV-2007-0669 URL:http://www.vupen.com/english/advisories/2007/0669 VUPEN:ADV-2007-2233 URL:http://www.vupen.com/english/advisories/2007/2233 OSVDB:32084 URL:http://osvdb.org/32084 SECTRACK:1017495 URL:http://securitytracker.com/id?1017495 SECUNIA:23633 URL:http://secunia.com/advisories/23633 SECUNIA:23670 URL:http://secunia.com/advisories/23670 SECUNIA:23684 URL:http://secunia.com/advisories/23684 SECUNIA:23689 URL:http://secunia.com/advisories/23689 SECUNIA:23705 URL:http://secunia.com/advisories/23705 SECUNIA:23698 URL:http://secunia.com/advisories/23698 SECUNIA:23758 URL:http://secunia.com/advisories/23758 SECUNIA:23789 URL:http://secunia.com/advisories/23789 SECUNIA:23966 URL:http://secunia.com/advisories/23966 SECUNIA:24168 URL:http://secunia.com/advisories/24168 SECUNIA:24210 URL:http://secunia.com/advisories/24210 SECUNIA:24247 URL:http://secunia.com/advisories/24247 SECUNIA:24401 URL:http://secunia.com/advisories/24401 SECUNIA:25802 URL:http://secunia.com/advisories/25802 XF:xorg-xserver-render-overflow(31337) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/31337
Assigning CNA
N/A
Date Entry Created
20061124	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061124)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures (CVE®) List and the associated references from this website are subject to the terms of use. CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. For more information, please contact us.