Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

The remote Solaris system is missing necessary patches to address security updates :

  - Stack-based buffer overflow in the bdfReadCharacters     function in bitmap/ bdfread.c in X.Org libXfont 1.1     through 1.4.6 allows remote attackers to cause a denial     of service (crash) or possibly execute arbitrary code     via a long string in a character name in a BDF font     file. (CVE-2013-6462)

The remote OracleVM system is missing necessary patches to address critical security updates :

  - CVE-2014-0209: integer overflow of allocations in font     metadata file parsing (bug 1163602, bug 1163601)

  - CVE-2014-0210: unvalidated length fields when parsing     xfs protocol replies (bug 1163602, bug 1163601)

  - CVE-2014-0211: integer overflows calculating memory     needs for xfs replies (bug 1163602, bug 1163601)

  - CVE-2013-6462.patch: sscanf overflow (bug 1049684)

  - sscanf-hardening.patch: Some other sscanf hardening     fixes (1049684)

-     U_CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.p     atch 

  - unlimited sscanf overflows stack buffer in     bdfReadCharacters() (CVE-2013-6462, bnc#854915)

The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by the following vulnerabilities :

  - A buffer overflow flaw exists in the 'bdfReadCharacters'     function within 'bitmap/bdfread.c' of the included X.Org     libXfont. This could allow a remote attacker to cause a     denial of service attack or possibly execute arbitrary     code. (CVE-2013-6462)

  - A flaw exists with the Workspace Web Application. This     could allow a remote attacker to impact the integrity of     the application. Note this only affects versions     5.0 and 5.1 of Oracle Secure Global Desktop.
    (CVE-2014-2439)

  - A flaw exists with the Workspace Web Application. This     could allow a remote attacker to impact the     confidentiality and integrity of the application.
    (CVE-2014-2463)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported patch information.

The remote host is affected by the vulnerability described in GLSA-201402-23 (libXfont: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libXfont. Please review       the CVE identifiers referenced below for details.
  Impact :

    A local attacker could use a specially crafted file to gain privileges       or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

This update fixes a stack-based buffer overflow in xorg-x11 in the function bdfReadCharacters(). CVE-2013-6462 has been assigned to this issue.

A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.
(CVE-2013-6462)

A vulnerability has been discovered and corrected in libxfont :

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file (CVE-2013-6462).

The updated packages have been patched to correct this issue.

New libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.
(CVE-2013-6462)

All running X.Org server instances must be restarted for the update to take effect.

Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The libXfont packages provide the X.Org libXfont runtime library.
X.Org is an open source implementation of the X Window System.

A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server.
(CVE-2013-6462)

Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-0018 advisory.

    [1.4.5-3]
    - cve-2013-6462.patch: sscanf overflow (bug 1049684)
    - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

freedesktop.org reports :

A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font.

As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.

It was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.

ID	Name	Product	Family	Severity
80820	Oracle Solaris Third-Party Patch Update : xorg (cve_2013_6462_buffer_errors)	Nessus	Solaris Local Security Checks	high
79557	OracleVM 3.3 : libXfont (OVMSA-2014-0080)	Nessus	OracleVM Local Security Checks	high
75391	openSUSE Security Update : libXfont (openSUSE-SU-2014:0073-1)	Nessus	SuSE Local Security Checks	high
73596	Oracle Secure Global Desktop Multiple Vulnerabilities (April 2014 CPU)	Nessus	Misc.	high
72637	GLSA-201402-23 : libXfont: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
72456	SuSE 11.2 / 11.3 Security Update : xorg-x11 (SAT Patch Numbers 8723 / 8724)	Nessus	SuSE Local Security Checks	high
72300	Amazon Linux AMI : libXfont (ALAS-2014-282)	Nessus	Amazon Linux Local Security Checks	high
72081	Mandriva Linux Security Advisory : libxfont (MDVSA-2014:013)	Nessus	Mandriva Local Security Checks	high
71929	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libXfont (SSA:2014-013-01)	Nessus	Slackware Local Security Checks	high
71910	Scientific Linux Security Update : libXfont on SL5.x, SL6.x i386/x86_64 (20140110)	Nessus	Scientific Linux Local Security Checks	high
71909	RHEL 5 / 6 : libXfont (RHSA-2014:0018)	Nessus	Red Hat Local Security Checks	high
71908	Oracle Linux 5 / 6 : libxfont (ELSA-2014-0018)	Nessus	Oracle Linux Local Security Checks	critical
71901	CentOS 5 / 6 : libXfont (CESA-2014:0018)	Nessus	CentOS Local Security Checks	high
71874	FreeBSD : libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont (28c575fa-784e-11e3-8249-001cc0380077)	Nessus	FreeBSD Local Security Checks	high
71855	Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : libxfont vulnerability (USN-2078-1)	Nessus	Ubuntu Local Security Checks	high
71850	Debian DSA-2838-1 : libxfont - buffer overflow	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2013-6462

critical

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

critical

high

high

high

high