=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN101
_____________________________________________________________________

DATE                      : 26/03/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running X.Org server.

======================================================================
http://www.kb.cert.org/vuls/id/203220
______________________________________________________________________

Vulnerability Note VU#203220

X.Org PCF font parser buffer overflow


Overview

A vulnerability in the X.Org server could allow a remote attacker to
execute arbitrary code on an affected system.


I. Description

The X.Org project provides an open source implementation of the X Window
System. The server supports bitmapped fonts in various formats,
including Portable Compiled Font (PCF) format. A flaw exists in the
handling of PCF fonts where the difference between lastCol and firstCol
in the PCF_BDF_ENCODINGS table is greater than 255. An attacker with the
ability to cause the X server to open a specially crafted PCF font file
could cause a buffer overflow in the X server.


II. Impact

A remote attacker with an established, authenticated connection to the X
server could execute arbitrary code with the privileges of the X server
or cause the server to crash.


III. Solution

Upgrade or apply a patch from the vendor

Patches and updated versions of the software have been released to
address this issue. Please see the Systems Affected section of this
document for more information.

Users who compile their X.Org system from the original source
distribution should review the X.Org security advisory of January 17th,
2008


Systems Affected

Vendor	Status	Date Updated

Fedora Project	Vulnerable	19-Mar-2008
Gentoo Linux	Vulnerable	19-Mar-2008
Mandriva, Inc.	Vulnerable	19-Mar-2008
OpenBSD	Vulnerable	19-Mar-2008
Red Hat, Inc.	Vulnerable	19-Mar-2008
SUSE Linux	Vulnerable	19-Mar-2008
Ubuntu	Vulnerable	19-Mar-2008
X.org Foundation	Vulnerable	5-Mar-2008
References


http://lists.freedesktop.org/archives/xorg/2008-January/031918.html


Credit

Thanks to Takuya Shiozaki working through JPCERT/CC for reporting
this vulnerability.

This document was written by Chad R Dougherty.


Other Information

Date Public	17/01/2008
Date First Published	19/03/2008 09:53:45
Date Last Updated	19/03/2008
CERT Advisory	
CVE Name	CVE-2008-0006
US-CERT Technical Alerts	
Metric	11,54
Document Revision	9

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================