Intrusion Prevention

X.Org.XFS.Swap.Char2b.Function.Buffer.Overflow

Description

This indicates an attempt to exploit a heap corruption vulnerability in X.Org X Font Server (xfs).
The vulnerability is caused by an error that occurs in the swap_char2b() function when it handles "QueryXBitmaps" and "QueryXExtents" protocol requests. It allows remote attackers to execute arbitrary code by sending a crafted "QueryXBitmaps" or "QueryXExtents" request packet.

Affected Products

X.org xfs 1.0.4

Impact

System Compromise: Remote attackers can gain control of vulnerable systems

Recommended Actions

Apply the appropriate patch, available from the Web sites below.
Sun Solaris 10_x86
Sun 119060-31
x86
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119060-31-1
Sun Solaris 10
Sun 119059-32
Sparc
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119059-32-1
Sun Solaris 9
Sun 113923-04
Sparc
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113923-04-1
IBM AIX 5.2
IBM xfs_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/xfs_ifix.tar
IBM IZ06001
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html
Sun Solaris 9_x86
Sun 113924-04
x86
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113924-04-1
IBM AIX 5.3
IBM xfs_ifix.tar
ftp://aix.software.ibm.com/aix/efixes/security/xfs_ifix.tar
IBM IZ06648
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html
X.org xfs 1.0.4
X.org xorg-xfs-1.0.4-query.diff
ftp://ftp.freedesktop.org/pub/X11R7.3/patches/xorg-xfs-1.0.4-query.dif f

CVE References

CVE-2007-4990