HTTP: X11 Oversize Font DoS

This signature detects attempts to exploit a known vulnerability in XFree86. Versions 4.3.0 and prior are vulnerable. An attacker can submit an oversized font (e.g. via a style sheet) to an X11 server, causing XFree86 to consume exorbitant amounts of memory.

Extended Description

The X Window System behaves unpredictably when handling an overly large font size. If an attacker can pass an overly large font size to the X Window System, a denial-of-service condition can result. Remote exploitation is possible via web clients or other applications that do not check that the font size is sane before passing it to the X Window System. This is reported to be a problem in xfs (the X Font Server) and in the libXfont component, and to affect various X Window System implementations, including XFree86.

Affected Products

XFree86 X11R6

Short Name: HTTP:STC:X11-OVERSIZE-FONT
Severity: Warning
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: DoS Font Oversize X11 bid:4966
Release Date: 04/22/2003
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

SGI
Mozilla
XFree86
