Title: XFree86 fbglyph Denial of Service Vulnerability
Severity: MODERATE
Description:
XFree86 4.x is vulnerable to a potential memory corruption / buffer overflow attack. This vulnerability has been demonstrated using the KDE Web Browser / File Management application "Konqueror", and represents at the very least a denial of service. This may also indicate an exploitable buffer overflow that could be used by an attacker to gain privileges on the machine running the X server, and may or may not be remotely exploitable (depending on which applications expose it). This is a vulnerability in the XFree86 server itself and not the client applications that can be used to initiate it. This has been reported under the following circumstances:
1. When the Konqueror browser processes excessively long strings in the actual browser window (ie, pasting these to a remote site from within the browser).
2. Double clicking on excessively long filenames in the file manager of Konqueror
Technical details are not yet available, although a patch for fbglyph.c has been released.
Linux and other systems may be compromised if this vulnerability is successfully exploited to execute arbitrary code.
Affected Products:
- RedHat Linux 7.0.0
- RedHat Linux 7.1.0
- XFree86 X11R6 4.0.0
- XFree86 X11R6 4.0.1
- XFree86 X11R6 4.0.3
References:
- Konqueror: Konqueror Web Page
- XFree86: XFree86 Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
