Vulnerability Details : CVE-2008-0006
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-0006
- cpe:2.3:a:sun:solaris_libfont:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:solaris_libxfont:*:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0006
88.95%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-0006
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0006
-
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
[SECURITY] Fedora 7 Update: libXfont-1.2.9-3.fc7
-
https://bugzilla.redhat.com/show_bug.cgi?id=428044
428044 – (CVE-2008-0006) CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow
-
https://issues.rpath.com/browse/RPL-2010
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
Mandriva
-
http://bugs.gentoo.org/show_bug.cgi?id=204362
204362 – x11-base/xorg-server|x11-libs/libXfont Multiple vulnerabilities (CVE-2007-{5760,5958,6427,6428,6429}CVE-2008-0006)
-
http://www.vupen.com/english/advisories/2008/0497/references
Site en construction
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
Mandriva
-
http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
ASA-2008-077 (SUN 201230, Previous, ID:, 103192)
-
http://www.securityfocus.com/bid/27336
Patch
-
http://jvn.jp/en/jp/JVN88935101/index.html
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
-
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
modular -> monolithicPatch
-
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
Linux Terminal Server Project: Multiple vulnerabilities (GLSA 200805-07) — Gentoo security
-
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
[security-announce] SUSE Security Announcement: Xorg and XFree (SUSE-SA:2008:003) - openSUSE Security Announce - openSUSE Mailing Lists
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
-
http://www.vupen.com/english/advisories/2008/0184
Site en construction
-
http://securitytracker.com/id?1019232
GoDaddy Domain Name Search
-
http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
ASA-2008-038 (SUN 103192)
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
[SECURITY] Fedora 8 Update: libXfont-1.3.1-2.fc8
-
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
404 Not Found
-
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
JVNDB-2008-001043 - JVN iPedia - 脆弱性対策情報データベース
-
http://www.vupen.com/english/advisories/2008/0179
Site en construction
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
Patch
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
404 Not Found
-
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:08 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.vupen.com/english/advisories/2008/0703
Site en construction
-
http://www.securityfocus.com/bid/27352
-
http://security.gentoo.org/glsa/glsa-200804-05.xml
NX: User-assisted execution of arbitrary code (GLSA 200804-05) — Gentoo security
-
http://security.gentoo.org/glsa/glsa-200801-09.xml
X.Org X server and Xfont library: Multiple vulnerabilities (GLSA 200801-09) — Gentoo security
-
https://usn.ubuntu.com/571-1/
404: Page not found | Ubuntu
-
http://www.redhat.com/support/errata/RHSA-2008-0064.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
-
http://docs.info.apple.com/article.html?artnum=307562
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
Mandriva
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
X.Org X11 PCF font buffer overflow CVE-2008-0006 Vulnerability Report
-
http://www.securityfocus.com/archive/1/487335/100/0/threaded
-
http://www.openbsd.org/errata42.html#006_xorg
OpenBSD 4.2 Errata
-
http://www.redhat.com/support/errata/RHSA-2008-0029.html
Support
-
http://www.vupen.com/english/advisories/2008/3000
Site en construction
-
http://www.openbsd.org/errata41.html#012_xorg
OpenBSD 4.1 Errata
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
-
http://www.redhat.com/support/errata/RHSA-2008-0030.html
Support
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
Jump to