CVE-2006-6101 - Vulnerability Details

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux
X.org	X.org
Xfree86 Project	Xfree86

Configuration 1 [-]

OR	cpe:2.3:a:x.org:x.org:6.8.2:::::::*
	cpe:2.3:a:x.org:x.org:6.9.0:::::::*
	cpe:2.3:a:x.org:x.org:7.0:::::::*
	cpe:2.3:a:x.org:x.org:7.1:::::::*
	cpe:2.3:a:xfree86_project:xfree86::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
XFree86-0:4.1.0-78.EL	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2007:0002	2007-01-10T00:00:00Z
Red Hat Enterprise Linux 3
XFree86-0:4.3.0-115.EL	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:0002	2007-01-10T00:00:00Z
Red Hat Enterprise Linux 4
xorg-x11-0:6.8.2-1.EL.13.37.5	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:0003	2007-01-10T00:00:00Z

References

Link	Providers
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
http://osvdb.org/32084
http://secunia.com/advisories/23633
http://secunia.com/advisories/23670
http://secunia.com/advisories/23684
http://secunia.com/advisories/23689
http://secunia.com/advisories/23698
http://secunia.com/advisories/23705
http://secunia.com/advisories/23758
http://secunia.com/advisories/23789
http://secunia.com/advisories/23966
http://secunia.com/advisories/24168
http://secunia.com/advisories/24210
http://secunia.com/advisories/24247
http://secunia.com/advisories/24401
http://secunia.com/advisories/25802
http://security.gentoo.org/glsa/glsa-200701-25.xml
http://securitytracker.com/id?1017495
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:005
http://www.novell.com/linux/security/advisories/2007_08_x.html
http://www.redhat.com/support/errata/RHSA-2007-0002.html
http://www.redhat.com/support/errata/RHSA-2007-0003.html
http://www.securityfocus.com/bid/21968
http://www.ubuntu.com/usn/usn-403-1
http://www.vupen.com/english/advisories/2007/0108
http://www.vupen.com/english/advisories/2007/0109
http://www.vupen.com/english/advisories/2007/0589
http://www.vupen.com/english/advisories/2007/0669
http://www.vupen.com/english/advisories/2007/2233
https://exchange.xforce.ibmcloud.com/vulnerabilities/31337
https://issues.rpath.com/browse/RPL-920
https://nvd.nist.gov/vuln/detail/CVE-2006-6101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490
https://www.cve.org/CVERecord?id=CVE-2006-6101
https://www.debian.org/security/2007/dsa-1249

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-01-09T23:00:00

Updated: 2024-08-07T20:12:31.636Z

Reserved: 2006-11-24T00:00:00

Link: CVE-2006-6101

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-31T05:00:00.000

Modified: 2024-11-21T00:21:48.000

Link: CVE-2006-6101

Redhat

Severity : Important

Publid Date: 2006-01-09T00:00:00Z

Links: CVE-2006-6101 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2007-0108", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0108"}, {"name": "ADV-2007-0669", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0669"}, {"name": "SUSE-SA:2007:008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_08_x.html"}, {"name": "21968", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21968"}, {"name": "23789", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23789"}, {"name": "HPSBUX02225", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"name": "24168", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24168"}, {"name": "23633", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23633"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"}, {"name": "23670", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23670"}, {"name": "32084", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/32084"}, {"name": "xorg-xserver-render-overflow(31337)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31337"}, {"name": "24401", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24401"}, {"name": "oval:org.mitre.oval:def:10490", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490"}, {"name": "23684", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23684"}, {"name": "RHSA-2007:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0002.html"}, {"name": "ADV-2007-0589", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0589"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-920"}, {"name": "20070109 Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463"}, {"name": "ADV-2007-0109", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0109"}, {"name": "23966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23966"}, {"name": "GLSA-200701-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-25.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm"}, {"name": "SSRT071295", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"name": "23698", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23698"}, {"name": "25802", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25802"}, {"name": "23758", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23758"}, {"name": "23705", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23705"}, {"name": "23689", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23689"}, {"name": "102803", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"}, {"name": "1017495", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017495"}, {"name": "24210", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24210"}, {"name": "SSA:2007-066-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555"}, {"name": "RHSA-2007:0003", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0003.html"}, {"name": "NetBSD-SA2007-002", "tags": ["vendor-advisory", "x_refsource_NETBSD"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc"}, {"name": "MDKSA-2007:005", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:005"}, {"name": "DSA-1249", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2007/dsa-1249"}, {"name": "24247", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24247"}, {"name": "[x-org announce] 20070109 X.Org Security Advisory: multiple integer overflows in dbe and render extensions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html"}, {"name": "USN-403-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-403-1"}, {"name": "ADV-2007-2233", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2233"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.636Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-0108", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0108"}, {"name": "ADV-2007-0669", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0669"}, {"name": "SUSE-SA:2007:008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_08_x.html"}, {"name": "21968", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21968"}, {"name": "23789", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23789"}, {"name": "HPSBUX02225", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"name": "24168", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24168"}, {"name": "23633", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23633"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"}, {"name": "23670", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23670"}, {"name": "32084", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/32084"}, {"name": "xorg-xserver-render-overflow(31337)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31337"}, {"name": "24401", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24401"}, {"name": "oval:org.mitre.oval:def:10490", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490"}, {"name": "23684", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23684"}, {"name": "RHSA-2007:0002", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0002.html"}, {"name": "ADV-2007-0589", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0589"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-920"}, {"name": "20070109 Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463"}, {"name": "ADV-2007-0109", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0109"}, {"name": "23966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23966"}, {"name": "GLSA-200701-25", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200701-25.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm"}, {"name": "SSRT071295", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"name": "23698", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23698"}, {"name": "25802", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25802"}, {"name": "23758", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23758"}, {"name": "23705", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23705"}, {"name": "23689", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23689"}, {"name": "102803", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"}, {"name": "1017495", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017495"}, {"name": "24210", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24210"}, {"name": "SSA:2007-066-02", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555"}, {"name": "RHSA-2007:0003", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0003.html"}, {"name": "NetBSD-SA2007-002", "tags": ["vendor-advisory", "x_refsource_NETBSD", "x_transferred"], "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc"}, {"name": "MDKSA-2007:005", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:005"}, {"name": "DSA-1249", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2007/dsa-1249"}, {"name": "24247", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24247"}, {"name": "[x-org announce] 20070109 X.Org Security Advisory: multiple integer overflows in dbe and render extensions", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html"}, {"name": "USN-403-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-403-1"}, {"name": "ADV-2007-2233", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2233"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-6101", "datePublished": "2007-01-09T23:00:00", "dateReserved": "2006-11-24T00:00:00", "dateUpdated": "2024-08-07T20:12:31.636Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x.org:x.org:6.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F86D1247-A4A5-4868-9A58-1905E34240A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:x.org:6.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "689B8780-1D8D-4B80-B93D-F9C03868B999", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:x.org:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "99BC0C37-EF29-44F3-ACE3-61D298B9EAD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:x.org:x.org:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B71A40-7EA5-4AA1-8609-0DDAC70D22BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfree86_project:xfree86:*:*:*:*:*:*:*:*", "matchCriteriaId": "11B50724-87F2-4250-BB69-C20E050C3146", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures."}, {"lang": "es", "value": "Desbordamiento de Entero en la funci\u00f3n ProcRenderAddGlyphs en la extensi\u00f3n Render para X.Org 6.8.2, 6.9.0, 7.0, y 7.1, y Servidor XFree86 X, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n de protocolo X manipulada que dispara corrupci\u00f3n de memoria durante el procesado del manejo de estructuras de datos para la representaci\u00f3n f\u00edsica de caracteres."}], "id": "CVE-2006-6101", "lastModified": "2024-11-21T00:21:48.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc"}, {"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/32084"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23633"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23670"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23684"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23689"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23698"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23705"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23758"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23789"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/23966"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24168"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24210"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24247"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/24401"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/25802"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200701-25.xml"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017495"}, {"source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:005"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2007_08_x.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0002.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0003.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/21968"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-403-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/0108"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/0109"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/0589"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/0669"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/2233"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31337"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-920"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490"}, {"source": "secalert@redhat.com", "url": "https://www.debian.org/security/2007/dsa-1249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/32084"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23633"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23684"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23689"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200701-25.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_08_x.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-403-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2233"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-920"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10490"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2007/dsa-1249"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0002", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "XFree86-0:4.1.0-78.EL", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2007-01-10T00:00:00Z"}, {"advisory": "RHSA-2007:0002", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "XFree86-0:4.3.0-115.EL", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-01-10T00:00:00Z"}, {"advisory": "RHSA-2007:0003", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "xorg-x11-0:6.8.2-1.EL.13.37.5", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-01-10T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1618238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618238"}, "csaw": false, "details": ["Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures."], "name": "CVE-2006-6101", "public_date": "2006-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-6101\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-6101"], "statement": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "threat_severity": "Important"}

Metrics

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object