Impact
local privilege escalation
Solution
Please install the updated packages.
Insight
The Xorg server was updated to fix 2 problems in the X Font Server, found in Xorg versions starting with 6.8, and in the Composite extension.
SUSE Linux 10.0, 10.1, openSUSE 10.2, 10.3 and SUSE Linux Enterprise 10 are affected by these 3 problems; older distributions are not.
The following issues were fixed:
IDEF2708 / CVE-2007-4989: X Font Server build_range() Integer Overflow Vulnerability.
IDEF2709 / CVE-2007-4990: X Font Server swap_char2b() Heap Overflow Vulnerability.
CVE-2007-4730: A buffer overflow in the Composite extension.
Logged-in users can exploit these to potentially execute code in the X server or xfs, both of which run as root.
Affected
XOrg on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-4568, CVE-2007-4730, CVE-2007-4990
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P