Signature Detail

X11: X Font Server Character Swap

This signature detects attempts to exploit a known vulnerability against Solaris XFS. A successful attack can lead to arbitrary code execution.

Extended Description

X.Org X Font Server (XFS) is prone to multiple memory-corruption vulnerabilities, including an integer-overflow issue and a heap-based memory-corruption issue. An attacker could exploit this issue to execute arbitrary code with the privileges of the X Font Server. Failed exploit attempts will likely result in a denial-of-service condition. NOTE: These issues are exploitable remotely only on Solaris operating systems; by default the server is listening on TCP port 7100. For other UNIX-like operating systems, an attacker can exploit these issues only locally. These issues affect X Font Server 1.0.4; prior versions may also be affected.

Affected Products

• Apple Mac OS X 10.4.11
• Apple Mac OS X 10.5
• Apple Mac OS X 10.5.1
• Apple Mac OS X Server 10.4.11
• Apple Mac OS X Server 10.5
• Apple Mac OS X Server 10.5.1
• Avaya Predictive Dialer
• Avaya Proactive Contact
• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Gentoo Linux
• HP HP-UX B.11.11
• HP HP-UX B.11.23
• HP HP-UX B.11.31
• IBM AIX 5.2
• IBM AIX 5.3
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• Mandriva Linux Mandrake 2007.1
• Mandriva Linux Mandrake 2007.1 X86 64
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 2.1 IA64
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora 7
• rPath rPath Linux 1
• Sun Solaris 10 X86
• Sun Solaris 8 Sparc
• Sun Solaris 8 X86
• Sun Solaris 9 Sparc
• Sun Solaris 9 X86
• SuSE Linux 10.0 Ppc
• SuSE Linux 10.0 X86
• SuSE Linux 10.0 X86-64
• SuSE Linux 10.1 Ppc
• SuSE Linux 10.1 X86
• SuSE Linux 10.1 X86-64
• SuSE openSUSE 10.2
• SuSE openSUSE 10.3
• SuSE SUSE Linux Enterprise Desktop 10 SP1
• SuSE SUSE Linux Enterprise SDK 10.SP1
• SuSE SUSE Linux Enterprise Server 10 SP1
• X.org xfs 1.0.4

References

• BugTraq: 25898
• CVE: CVE-2007-4990