CVE - CVE-2008-0006

CVE-ID
CVE-2008-0006	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:27336 URL:http://www.securityfocus.com/bid/27336 BID:27352 URL:http://www.securityfocus.com/bid/27352 BUGTRAQ:20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs URL:http://www.securityfocus.com/archive/1/487335/100/0/threaded CERT-VN:VU#203220 URL:http://www.kb.cert.org/vuls/id/203220 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=204362 CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=428044 CONFIRM:https://issues.rpath.com/browse/RPL-2010 FEDORA:FEDORA-2008-0760 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html FEDORA:FEDORA-2008-0794 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html FEDORA:FEDORA-2008-0831 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html FEDORA:FEDORA-2008-0891 URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html GENTOO:GLSA-200801-09 URL:http://security.gentoo.org/glsa/glsa-200801-09.xml GENTOO:GLSA-200804-05 URL:http://security.gentoo.org/glsa/glsa-200804-05.xml GENTOO:GLSA-200805-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml HP:HPSBUX02381 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 HP:SSRT080083 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 JVN:JVN#88935101 URL:http://jvn.jp/en/jp/JVN88935101/index.html JVNDB:JVNDB-2008-001043 URL:http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html MANDRIVA:MDVSA-2008:021 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:021~~ (Obsolete source) MANDRIVA:MDVSA-2008:022 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:022~~ (Obsolete source) MANDRIVA:MDVSA-2008:024 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:024~~ (Obsolete source) MLIST:[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server URL:http://lists.freedesktop.org/archives/xorg/2008-January/031918.html OPENBSD:[4.1] 20080208 012: SECURITY FIX: February 8, 2008 URL:http://www.openbsd.org/errata41.html#012_xorg OPENBSD:[4.2] 20080208 006: SECURITY FIX: February 8, 2008 URL:http://www.openbsd.org/errata42.html#006_xorg OVAL:oval:org.mitre.oval:def:10021 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021 REDHAT:RHSA-2008:0029 URL:http://www.redhat.com/support/errata/RHSA-2008-0029.html REDHAT:RHSA-2008:0030 URL:http://www.redhat.com/support/errata/RHSA-2008-0030.html REDHAT:RHSA-2008:0064 URL:http://www.redhat.com/support/errata/RHSA-2008-0064.html SECTRACK:1019232 URL:http://securitytracker.com/id?1019232 SECUNIA:28273 URL:http://secunia.com/advisories/28273 SECUNIA:28500 URL:http://secunia.com/advisories/28500 SECUNIA:28532 URL:http://secunia.com/advisories/28532 SECUNIA:28535 URL:http://secunia.com/advisories/28535 SECUNIA:28536 URL:http://secunia.com/advisories/28536 SECUNIA:28540 URL:http://secunia.com/advisories/28540 SECUNIA:28542 URL:http://secunia.com/advisories/28542 SECUNIA:28544 URL:http://secunia.com/advisories/28544 SECUNIA:28550 URL:http://secunia.com/advisories/28550 SECUNIA:28571 URL:http://secunia.com/advisories/28571 SECUNIA:28592 URL:http://secunia.com/advisories/28592 SECUNIA:28621 URL:http://secunia.com/advisories/28621 SECUNIA:28718 URL:http://secunia.com/advisories/28718 SECUNIA:28843 URL:http://secunia.com/advisories/28843 SECUNIA:28885 URL:http://secunia.com/advisories/28885 SECUNIA:28941 URL:http://secunia.com/advisories/28941 SECUNIA:29139 URL:http://secunia.com/advisories/29139 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SECUNIA:29622 URL:http://secunia.com/advisories/29622 SECUNIA:29707 URL:http://secunia.com/advisories/29707 SECUNIA:30161 URL:http://secunia.com/advisories/30161 SECUNIA:32545 URL:http://secunia.com/advisories/32545 SUNALERT:103192 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1~~ (Obsolete source) SUNALERT:201230 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1~~ (Obsolete source) SUSE:SUSE-SA:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html SUSE:SUSE-SR:2008:008 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html UBUNTU:USN-571-1 URL:https://usn.ubuntu.com/571-1/ VUPEN:ADV-2008-0179 URL:~~http://www.vupen.com/english/advisories/2008/0179~~ (Obsolete source) VUPEN:ADV-2008-0184 URL:~~http://www.vupen.com/english/advisories/2008/0184~~ (Obsolete source) VUPEN:ADV-2008-0497 URL:~~http://www.vupen.com/english/advisories/2008/0497/references~~ (Obsolete source) VUPEN:ADV-2008-0703 URL:~~http://www.vupen.com/english/advisories/2008/0703~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) VUPEN:ADV-2008-3000 URL:~~http://www.vupen.com/english/advisories/2008/3000~~ (Obsolete source) XF:xorg-pcffont-bo(39767) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
Assigning CNA
Red Hat, Inc.
Date Record Created
20071203	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071203)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)