Vulnerability Description
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xfree86 Project | X11R6 | 4.1.0 |
| Openbsd | Openbsd | 3.3 |
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821
- http://marc.info/?l=bugtraq&m=107644835523678&w=2
- http://marc.info/?l=bugtraq&m=107653324115914&w=2
- http://marc.info/?l=bugtraq&m=110979666528890&w=2
- http://security.gentoo.org/glsa/glsa-200402-02.xmlVendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1
- http://www.debian.org/security/2004/dsa-443
- http://www.idefense.com/application/poi/display?id=72
- http://www.kb.cert.org/vuls/id/820006US Government Resource
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:012
- http://www.novell.com/linux/security/advisories/2004_06_xf86.html
- http://www.redhat.com/support/errata/RHSA-2004-059.html
- http://www.redhat.com/support/errata/RHSA-2004-060.html
- http://www.redhat.com/support/errata/RHSA-2004-061.html
- http://www.securityfocus.com/bid/9636ExploitPatchVendor Advisory
FAQ
What is CVE-2004-0083?
CVE-2004-0083 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a...
How severe is CVE-2004-0083?
CVE-2004-0083 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0083?
Check the references section above for vendor advisories and patch information. Affected products include: Xfree86 Project X11R6, Openbsd Openbsd.