Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-1352

Disclosure Date: April 06, 2007
CVE-2007-1352
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • mandrakesoft,
  • openbsd,
  • redhat,
  • rpath,
  • slackware,
  • turbolinux,
  • ubuntu,
  • x.org

Products

  • enterprise linux 2.1,
  • enterprise linux 3.0,
  • enterprise linux 4.0,
  • enterprise linux desktop 3.0,
  • enterprise linux desktop 4.0,
  • enterprise linux desktop 5.0,
  • fedora core core 1.0,
  • libxfont 1.2.2,
  • linux 1,
  • linux 9.0,
  • linux advanced workstation 2.1,
  • mandrake multi network firewall 2.0,
  • openbsd 3.9,
  • openbsd 4.0,
  • slackware linux 9.0,
  • slackware linux 9.1,
  • slackware linux current,
  • turbolinux desktop 10.0,
  • ubuntu linux 4.1,
  • ubuntu linux 5.10,
  • ubuntu linux 6.06 lts,
  • ubuntu linux 6.10

References

Canonical
CVE-2007-1352 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352)
BID-23283 (http://www.securityfocus.com/bid/23283)
BID-23300 (http://www.securityfocus.com/bid/23300)
Advisory
SECUNIA-24745 (http://secunia.com/advisories/24745)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10523
SECUNIA-33937 (http://secunia.com/advisories/33937)
SECUNIA-24771 (http://secunia.com/advisories/24771)
SECUNIA-24770 (http://secunia.com/advisories/24770)
SECUNIA-25006 (http://secunia.com/advisories/25006)
SECUNIA-24756 (http://secunia.com/advisories/24756)
http://www.redhat.com/support/errata/RHSA-2007-0126.html
http://support.apple.com/kb/HT3438
GLSA-200705-10 (http://security.gentoo.org/glsa/glsa-200705-10.xml)
USN-448-1 (http://www.ubuntu.com/usn/usn-448-1)
APPLE-SA-2009-02-12 (http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
SECUNIA-24758 (http://secunia.com/advisories/24758)
SECTRACK-1017857 (http://www.securitytracker.com/id?1017857)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13243
http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
SECUNIA-25195 (http://secunia.com/advisories/25195)
http://rhn.redhat.com/errata/RHSA-2007-0125.html
SECUNIA-24741 (http://secunia.com/advisories/24741)
APPLE-SA-2007-11-14 (http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html)
[xorg-announce] 20070403 various integer overflow vulnerabilites in xserver, libX11 and libXfont (http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html)
SECUNIA-24791 (http://secunia.com/advisories/24791)
http://www.novell.com/linux/security/advisories/2007_27_x.html
DSA-1294 (http://www.debian.org/security/2007/dsa-1294)
SECUNIA-24765 (http://secunia.com/advisories/24765)
SECUNIA-25216 (http://secunia.com/advisories/25216)
XF-xorg-fontsdir-bo(33419) (https://exchange.xforce.ibmcloud.com/vulnerabilities/33419)
20070404 rPSA-2007-0065-1 freetype xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (http://www.securityfocus.com/archive/1/464686/100/0/threaded)
20070405 FLEA-2007-0009-1: xorg-x11 freetype (http://www.securityfocus.com/archive/1/464816/100/0/threaded)
ADV-2007-1548 (http://www.vupen.com/english/advisories/2007/1548)
SUNALERT-102886 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1)
ADV-2007-1217 (http://www.vupen.com/english/advisories/2007/1217)
https://issues.rpath.com/browse/RPL-1213
SECUNIA-25004 (http://secunia.com/advisories/25004)
SECUNIA-25305 (http://secunia.com/advisories/25305)
http://www.redhat.com/support/errata/RHSA-2007-0132.html
SECUNIA-24772 (http://secunia.com/advisories/24772)
http://issues.foresightlinux.org/browse/FL-223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
Miscellaneous
20070403 Multiple Vendor X Server fonts.dir File Parsing Integer Overflow Vulnerability (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=502)
[4.0] 011: SECURITY FIX: April 4, 2007 (http://www.openbsd.org/errata40.html#011_xorg)
[3.9] 021: SECURITY FIX: April 4, 2007 (http://www.openbsd.org/errata39.html#021_xorg)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis