MidnightBSD

Advisories for xfree86_project

CVE-1999-0126 HIGH

SGI IRIX buffer overflow in xterm and Xaw allows root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project xfree86 *
CVE-1999-0241 HIGH

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
xfree86_project x11r6 *
sun solaris 2.5.1
sgi irix *
sun sunos -
CVE-1999-0433 MEDIUM

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 5.1
netbsd netbsd 1.3.3
redhat linux 5.2
slackware slackware_linux 3.3
redhat linux 5.1
slackware slackware_linux 3.5
suse suse_linux 6.1
xfree86_project x11r6 3.3.3
netbsd netbsd 1.3.2
suse suse_linux 5.2
slackware slackware_linux 4.0
suse suse_linux 6.0
slackware slackware_linux 3.4
slackware slackware_linux 3.6
CVE-2000-0285 HIGH

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.6
CVE-2000-0453 MEDIUM

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3.5
CVE-2000-0476 MEDIUM

xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
putty putty 0.48
michael_jennings eterm 0.8.10
rxvt rxvt 2.6.1
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.3
CVE-2000-0504 MEDIUM

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open_group x 11.0r6
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3.4
open_group x 11.0r6.4
gnome gdm 1.1
gnome gdm 1.0
xfree86_project x11r6 3.3.3
open_group x 11.0r6.2
open_group x 11.0r6.1
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.5
open_group x 11.0r5
open_group x 11.0r6.3
CVE-2000-0620 MEDIUM

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
open_group x 11.0r6
open_group x 11.0r6.2
open_group x 11.0r6.1
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.6
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3.4
open_group x 11.0r6.3
open_group x 11.0r6.4
xfree86_project x11r6 3.3.3
CVE-2000-0976 MEDIUM

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project xlib 3.3x
CVE-2000-1060 MEDIUM

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project xfce 3.5.1
CVE-2001-0955 HIGH

Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
CVE-2001-1086 HIGH

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 3.3
xfree86_project x11r6 3.3.3
CVE-2001-1178 HIGH

Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 3.3.2
CVE-2001-1179 HIGH

xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 3.3.2
CVE-2001-1409 LOW

dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project xfree86_x_server 4.1.0.2
CVE-2002-1317 HIGH

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11.00
sgi irix 6.5.5
sgi irix 6.5.9
sgi irix 6.5.12
sun solaris 2.5.1
sgi irix 6.5.3
sun sunos 5.8
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.2
sgi irix 6.5.4
sun sunos 5.5.1
sun solaris 7.0
sun sunos 5.7
sgi irix 6.5.13
sgi irix 6.5.2
hp hp-ux 10.10
sgi irix 6.5.1
xfree86_project x11r6 3.3.4
sgi irix 6.5.10
sgi irix 6.5.8
hp hp-ux 11.22
hp hp-ux 11.04
sun sunos -
sgi irix 6.5.11
hp hp-ux 10.20
sgi irix 6.5.6
sgi irix 6.5.7
xfree86_project x11r6 3.3.5
xfree86_project x11r6 3.3
sgi irix 6.5
hp hp-ux 10.24
sun solaris 2.6
sun solaris 8.0
sun solaris 9.0
hp hp-ux 11.11
CVE-2002-1472 HIGH

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.2.0
CVE-2002-1510 HIGH

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 *
CVE-2003-0063 HIGH

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
CVE-2003-0071 LOW

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.0
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
CVE-2003-0730 HIGH

Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.5.3
netbsd netbsd 1.5.2
netbsd netbsd 1.6
netbsd netbsd 1.6.1
netbsd netbsd 1.5.1
netbsd netbsd 1.5
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
CVE-2004-0083 HIGH

Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
openbsd openbsd 3.3
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.1.11
openbsd openbsd 3.4
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
CVE-2004-0084 HIGH

Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
openbsd openbsd 3.3
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.1.11
openbsd openbsd 3.4
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
CVE-2004-0093 HIGH

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
CVE-2004-0094 HIGH

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.1.11
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
CVE-2004-0106 HIGH

Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.1.0
openbsd openbsd 3.3
xfree86_project x11r6 4.1.12
xfree86_project x11r6 4.1.11
openbsd openbsd 3.4
xfree86_project x11r6 4.2.0
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
CVE-2004-0419 HIGH

XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r6 6.7.0
xfree86_project xdm cvs
gentoo linux 1.4
CVE-2004-0687 HIGH

Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.0.2.11
suse suse_linux 8.1
xfree86_project x11r6 3.3.6
openbsd openbsd 3.5
x.org x11r6 6.8
xfree86_project x11r6 4.1.11
openbsd openbsd 3.4
suse suse_linux 8
xfree86_project x11r6 4.2.0
suse suse_linux 9.0
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.0
xfree86_project x11r6 4.1.12
suse suse_linux 9.1
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
suse suse_linux 8.2
CVE-2004-0688 HIGH

Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 4.0.2.11
suse suse_linux 8.1
xfree86_project x11r6 3.3.6
openbsd openbsd 3.5
x.org x11r6 6.8
xfree86_project x11r6 4.1.11
openbsd openbsd 3.4
suse suse_linux 8
xfree86_project x11r6 4.2.0
suse suse_linux 9.0
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
xfree86_project x11r6 4.0.3
xfree86_project x11r6 4.0
xfree86_project x11r6 4.1.12
suse suse_linux 9.1
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.2.1
xfree86_project x11r6 4.3.0
suse suse_linux 8.2
CVE-2004-0914 HIGH

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat fedora_core core_2.0
lesstif lesstif 0.93.96
xfree86_project x11r6 3.3.6
lesstif lesstif 0.93.12
x.org x11r6 6.8
xfree86_project x11r6 4.1.11
suse suse_linux 9.0
lesstif lesstif 0.93.91
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.2
lesstif lesstif 0.93.36
xfree86_project x11r6 4.1.12
suse suse_linux 9.1
lesstif lesstif 0.93
x.org x11r6 6.8.1
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.3.0
suse suse_linux 8.2
xfree86_project x11r6 4.0.2.11
suse suse_linux 8.1
suse suse_linux 9.2
xfree86_project x11r6 3.3.4
suse suse_linux 8
xfree86_project x11r6 4.2.0
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
suse suse_linux 1.0
redhat fedora_core core_3.0
lesstif lesstif 0.93.94
xfree86_project x11r6 4.0.3
lesstif lesstif 0.93.34
lesstif lesstif 0.93.18
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3.5
gentoo linux *
xfree86_project x11r6 3.3
lesstif lesstif 0.93.40
xfree86_project x11r6 4.2.1
CVE-2005-0605 HIGH

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mandrakesoft mandrake_linux 10.1
redhat fedora_core core_2.0
xfree86_project x11r6 4.3.0.2
xfree86_project x11r6 3.3.6
sgi propack 3.0
suse suse_linux 8.0
xfree86_project x11r6 4.1.11
suse suse_linux 9.0
mandrakesoft mandrake_linux_corporate_server 2.1
suse suse_linux 9.1
xfree86_project x11r6 4.3.0
suse suse_linux 8.2
mandrakesoft mandrake_linux_corporate_server 3.0
suse suse_linux 6.3
suse suse_linux 7.1
suse suse_linux 8.1
mandrakesoft mandrake_linux 10.2
suse suse_linux 6.4
mandrakesoft mandrake_linux 10.0
x.org x11r6 6.7.0
xfree86_project x11r6 4.1.0
redhat fedora_core core_3.0
lesstif lesstif 0.93.94
xfree86_project x11r6 4.0
xfree86_project x11r6 3.3
suse suse_linux 7.0
suse suse_linux 7.3
xfree86_project x11r6 4.3.0.1
x.org x11r6 6.8
suse suse_linux 6.1
xfree86_project x11r6 3.3.3
xfree86_project x11r6 3.3.2
redhat enterprise_linux 3.0
xfree86_project x11r6 4.1.12
altlinux alt_linux 2.3
x.org x11r6 6.8.1
suse suse_linux 6.2
xfree86_project x11r6 4.0.1
xfree86_project x11r6 4.0.2.11
suse suse_linux 9.2
xfree86_project x11r6 3.3.4
xfree86_project x11r6 4.2.0
redhat enterprise_linux 4.0
redhat enterprise_linux_desktop 4.0
redhat enterprise_linux_desktop 3.0
xfree86_project x11r6 4.0.3
suse suse_linux 7.2
xfree86_project x11r6 3.3.5
xfree86_project x11r6 4.2.1
CVE-2005-2495 MEDIUM

Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
xfree86_project xfree86 4.0.2
xfree86_project xfree86 4.1.0
xfree86_project xfree86 4.2.1
xfree86_project xfree86 3.3.6
xfree86_project xfree86 4.2.0
xfree86_project xfree86 4.0.3
xfree86_project xfree86 4.0.0
xfree86_project xfree86 4.0.1