Signature Detail
Short Name |
HTTP:STC:X11-OVERSIZE-FONT |
|---|---|
Severity |
Low |
Recommended |
No |
Category |
HTTP |
Keywords |
X11 font dos |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: X11 Oversize Font DoS
This signature detects attempts to exploit a known vulnerability in Xfree86. Versions 4.3.0 and prior are vulnerable. Attackers can submit an oversize font (Ex. via a style-sheet) to an X11 server to cause Xfree86 to consume exorbitant amounts of memory.
Extended Description
X Window System behaves unpredictably when handling an overly large font size. If an attacker can pass an overly large font size to X Window System, it is possible to cause a denial of service condition. Remote exploitation of this issue is possible via web clients or other applications which do not check that the font size is sane before passing it to the X Window System. This is reported to be a problem with xfs (X Font Server) and the libXfont component. This is reported to affect various X Window System implementations, including XFree86.
Affected Products
- Mozilla Browser 1.0.0
- SGI IRIX 6.5.0
- SGI IRIX 6.5.1
- SGI IRIX 6.5.10
- SGI IRIX 6.5.11
- SGI IRIX 6.5.12
- SGI IRIX 6.5.13 f
- SGI IRIX 6.5.13 m
- SGI IRIX 6.5.14 f
- SGI IRIX 6.5.14 m
- SGI IRIX 6.5.15 f
- SGI IRIX 6.5.15 m
- SGI IRIX 6.5.16 f
- SGI IRIX 6.5.16 m
- SGI IRIX 6.5.17 f
- SGI IRIX 6.5.17 m
- SGI IRIX 6.5.2
- SGI IRIX 6.5.3
- SGI IRIX 6.5.4
- SGI IRIX 6.5.5
- SGI IRIX 6.5.6
- SGI IRIX 6.5.7
- SGI IRIX 6.5.8
- SGI IRIX 6.5.9
- XFree86 X11R6 4.0.0
- XFree86 X11R6 4.0.1
- XFree86 X11R6 4.0.2 -11
- XFree86 X11R6 4.0.3
- XFree86 X11R6 4.1.0 .0
- XFree86 X11R6 4.1.0 -11
- XFree86 X11R6 4.1.0 -12
- XFree86 X11R6 4.2.0 .0
- XFree86 xfs 4.0.1
- XFree86 xfs 4.0.3
References