CERTA-2002-AVI-253

Vulnerability from certfr_avis - Published: 2002-11-27 - Updated: 2004-01-20

Une vulnérabilité du service xfs permet à un utilisateur mal intentionné d'exécuter du code arbitraire, à distance, sur la machine vulnérable.

Description

Le serveur xfs (XWindow Font Serveur) est utilisé sur les serveurs X Window pour distribuer les polices de caractères aux clients X Window.

Une vulnérabilité de type débordement de mémoire permet à un utilisateur mal intentionné d'exécuter, à distance, du code arbitraire sur la machine vulnérable.

Contournement provisoire

Filtrer au niveau du pare-feu le port 7100/tcp utilisé par xfs afin d'empêcher l'exploitation de cette vulnérabilité depuis l'Internet.

Solution

Se référer aux bulletins de sécurité des différents éditeurs pour l'obtention des correctifs.

None
Impacted products
Vendor Product Description
N/A N/A HP-UX 10.10, 10.20, 10.24, 11.00, 11.04, 11.11 et 11.22 ;
N/A N/A Solaris versions 2.5.1 à 9 ;
IBM AIX IBM AIX 4.3, 5.1 et 5.2.
N/A N/A SGI IRIX version 6.5.13 et antérieures ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX 10.10, 10.20, 10.24, 11.00, 11.04, 11.11 et 11.22 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Solaris versions 2.5.1 \u00e0 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX 4.3, 5.1 et 5.2.",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "SGI IRIX version 6.5.13 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe serveur xfs (XWindow Font Serveur) est utilis\u00e9 sur les serveurs X\nWindow pour distribuer les polices de caract\u00e8res aux clients X Window.\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire permet \u00e0 un utilisateur\nmal intentionn\u00e9 d\u0027ex\u00e9cuter, \u00e0 distance, du code arbitraire sur la\nmachine vuln\u00e9rable.\n\n## Contournement provisoire\n\nFiltrer au niveau du pare-feu le port 7100/tcp utilis\u00e9 par xfs afin\nd\u0027emp\u00eacher l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 depuis l\u0027Internet.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nl\u0027obtention des correctifs.\n",
  "cves": [],
  "initial_release_date": "2002-11-27T00:00:00",
  "last_revision_date": "2004-01-20T00:00:00",
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 \"Solaris fs.auto Remote Compromise    Vulnerability\" d\u0027ISS :",
      "url": "http://bvlive01.iss.net/issEN/delivery/xforce/alertdetail.jsp?oid=21541"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 \"Buffer Overflow Vulnerability in X Font    Server\" de SGI :",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HPSBUX0212-228 de Hewlett-Packard :",
      "url": "http://itrc.hp.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 #48879 de Sun :",
      "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM AIX :",
      "url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1601.1"
    }
  ],
  "reference": "CERTA-2002-AVI-253",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2002-11-27T00:00:00.000000"
    },
    {
      "description": "ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 #48879 de Sun.",
      "revision_date": "2002-11-28T00:00:00.000000"
    },
    {
      "description": "suppression des mentions sp\u00e9cifiques \u00e0 Solaris, ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 de SGI.",
      "revision_date": "2002-12-05T00:00:00.000000"
    },
    {
      "description": "ajout r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HPSBUX0212-228 de Hewlett-Packard.",
      "revision_date": "2002-12-10T00:00:00.000000"
    },
    {
      "description": "ajout bulletin IBM et r\u00e9f\u00e9rence CVE.",
      "revision_date": "2004-01-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 du service xfs permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire, \u00e0 distance, sur la machine vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de XFS (XWindow Font Server)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 CA-2002-34 du CERT/CC",
      "url": "http://www.cert.org/Advisories/CA-2002-34.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.