Info

Disclosure

Sep 15, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in libXpm. The xpmParseColors function fails to validate user-supplied XPMv2/3 image files resulting in a stack overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.8.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

X.Org Foundation	libXpm	6.1
		6.3
		6.4
		6.5.1
		6.6
		6.7
		6.8.0

References

Related OSVDB ID: 10026 10027 10028 10030 10031 10032 10033 10034 10035
Secunia Advisory ID: 12549 12553 12554 12574 12579 12583 12652 12653 12727 12763 12777 12781 12782 13098 13347 13350 13351 13353 13835 14156 14301 15227 16601 20235
Bugtraq ID: 13480
ISS X-Force ID: 17414
CVE ID: 2004-0687 (see also: NVD)
CERT VU: 882750
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000924
http://docs.info.apple.com/article.html?artnum=301528
http://rhn.redhat.com/errata/RHSA-2004-537.html
http://scary.beasts.org/security/CESA-2004-003.txt
http://security.gentoo.org/glsa/glsa-200410-09.xml
http://security.gentoo.org/glsa/glsa-200502-07.xml
http://sourceforge.net/mailarchive/forum.php?thread_id=5594360&forum_id=30340
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1
http://www.debian.org/security/2004/dsa-560
http://www.debian.org/security/2004/dsa-561
http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml
http://www.ics.com/developers/index.php?cont=xpm_security_alert
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:098
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:099
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:124
http://www.suse.de/de/security/2004_34_xfree86_libs_xshared.html
http://www.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00600177
Vendor URL: http://www.x.org/
RedHat RHSA: RHSA-2004:478 RHSA-2005:004-12

Credit

Chris Evans - chrisscary.beasts.org -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

X.Org Foundation

libXpm

References

Credit