JVN/CVE Demo: Cveinfos

CVE

Id: 27925
CVE No.: CVE-2007-4568
Status: Candidate
Description: Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
Phase: Assigned (20070828)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
288119	27925	CVE-2007-4568	IDEFENSE:20071002 Multiple Vendor X Font Server Multiple Vulnerabilities	View
288120	27925	CVE-2007-4568	URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602	View
288121	27925	CVE-2007-4568	BUGTRAQ:20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs	View
288122	27925	CVE-2007-4568	URL:http://www.securityfocus.com/archive/1/archive/1/481432/100/0/threaded	View
288123	27925	CVE-2007-4568	MLIST:[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server	View
288124	27925	CVE-2007-4568	URL:http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html	View
288125	27925	CVE-2007-4568	CONFIRM:https://issues.rpath.com/browse/RPL-1756	View
288126	27925	CVE-2007-4568	CONFIRM:http://bugs.freedesktop.org/show_bug.cgi?id=12298	View
288127	27925	CVE-2007-4568	CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=194606	View
288128	27925	CVE-2007-4568	CONFIRM:http://docs.info.apple.com/article.html?artnum=307430	View
288129	27925	CVE-2007-4568	CONFIRM:http://docs.info.apple.com/article.html?artnum=307562	View
288130	27925	CVE-2007-4568	APPLE:APPLE-SA-2008-02-11	View
288131	27925	CVE-2007-4568	URL:http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html	View
288132	27925	CVE-2007-4568	APPLE:APPLE-SA-2008-03-18	View
288133	27925	CVE-2007-4568	URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	View
288134	27925	CVE-2007-4568	DEBIAN:DSA-1385	View
288135	27925	CVE-2007-4568	URL:http://www.debian.org/security/2007/dsa-1385	View
288136	27925	CVE-2007-4568	FEDORA:FEDORA-2007-4263	View
288137	27925	CVE-2007-4568	URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html	View
288138	27925	CVE-2007-4568	GENTOO:GLSA-200710-11	View
288139	27925	CVE-2007-4568	URL:http://security.gentoo.org/glsa/glsa-200710-11.xml	View
288140	27925	CVE-2007-4568	MANDRIVA:MDKSA-2007:210	View
288141	27925	CVE-2007-4568	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:210	View
288142	27925	CVE-2007-4568	REDHAT:RHSA-2008:0029	View
288143	27925	CVE-2007-4568	URL:http://www.redhat.com/support/errata/RHSA-2008-0029.html	View
288144	27925	CVE-2007-4568	REDHAT:RHSA-2008:0030	View
288145	27925	CVE-2007-4568	URL:http://www.redhat.com/support/errata/RHSA-2008-0030.html	View
288146	27925	CVE-2007-4568	SUNALERT:103114	View
288147	27925	CVE-2007-4568	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1	View
288148	27925	CVE-2007-4568	SUNALERT:200642	View
288149	27925	CVE-2007-4568	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1	View
288150	27925	CVE-2007-4568	SUSE:SUSE-SA:2007:054	View
288151	27925	CVE-2007-4568	URL:http://www.novell.com/linux/security/advisories/2007_54_xorg.html	View
288152	27925	CVE-2007-4568	CERT:TA08-043B	View
288153	27925	CVE-2007-4568	URL:http://www.us-cert.gov/cas/techalerts/TA08-043B.html	View
288154	27925	CVE-2007-4568	BID:25898	View
288155	27925	CVE-2007-4568	URL:http://www.securityfocus.com/bid/25898	View
288156	27925	CVE-2007-4568	OVAL:oval:org.mitre.oval:def:10882	View
288157	27925	CVE-2007-4568	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10882	View
288158	27925	CVE-2007-4568	VUPEN:ADV-2007-3337	View
288159	27925	CVE-2007-4568	URL:http://www.vupen.com/english/advisories/2007/3337	View
288160	27925	CVE-2007-4568	VUPEN:ADV-2007-3338	View
288161	27925	CVE-2007-4568	URL:http://www.vupen.com/english/advisories/2007/3338	View
288162	27925	CVE-2007-4568	VUPEN:ADV-2007-3467	View
288163	27925	CVE-2007-4568	URL:http://www.vupen.com/english/advisories/2007/3467	View
288164	27925	CVE-2007-4568	VUPEN:ADV-2008-0495	View
288165	27925	CVE-2007-4568	URL:http://www.vupen.com/english/advisories/2008/0495/references	View
288166	27925	CVE-2007-4568	VUPEN:ADV-2008-0924	View
288167	27925	CVE-2007-4568	URL:http://www.vupen.com/english/advisories/2008/0924/references	View
288168	27925	CVE-2007-4568	SECTRACK:1018763	View
288169	27925	CVE-2007-4568	URL:http://www.securitytracker.com/id?1018763	View
288170	27925	CVE-2007-4568	SECUNIA:27040	View
288171	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27040	View
288172	27925	CVE-2007-4568	SECUNIA:27052	View
288173	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27052	View
288174	27925	CVE-2007-4568	SECUNIA:27060	View
288175	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27060	View
288176	27925	CVE-2007-4568	SECUNIA:27168	View
288177	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27168	View
288178	27925	CVE-2007-4568	SECUNIA:27176	View
288179	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27176	View
288180	27925	CVE-2007-4568	SECUNIA:27240	View
288181	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27240	View
288182	27925	CVE-2007-4568	SECUNIA:27560	View
288183	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27560	View
288184	27925	CVE-2007-4568	SECUNIA:27228	View
288185	27925	CVE-2007-4568	URL:http://secunia.com/advisories/27228	View
288186	27925	CVE-2007-4568	SECUNIA:28004	View
288187	27925	CVE-2007-4568	URL:http://secunia.com/advisories/28004	View
288188	27925	CVE-2007-4568	SECUNIA:28536	View
288189	27925	CVE-2007-4568	URL:http://secunia.com/advisories/28536	View
288190	27925	CVE-2007-4568	SECUNIA:28542	View
288191	27925	CVE-2007-4568	URL:http://secunia.com/advisories/28542	View
288192	27925	CVE-2007-4568	SECUNIA:28891	View
288193	27925	CVE-2007-4568	URL:http://secunia.com/advisories/28891	View
288194	27925	CVE-2007-4568	SECUNIA:29420	View
288195	27925	CVE-2007-4568	URL:http://secunia.com/advisories/29420	View
288196	27925	CVE-2007-4568	XF:xfs-protocol-requests-bo(36919)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
52247	JVNDB-2007-000937	mcstrans におけるサービス運用妨害 (DoS) の脆弱性	Red Hat Enterprise Linux に含まれる mcstrans には、MCS translation デーモンにおいて、機密レベルの区分範囲の処理に不備が存在するために、サービス運用妨害 (DoS) 状態となる脆弱性が存在します。	CVE-2007-4570	27925	1.9		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000937.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.39 MB
View render complete	2.92 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.64
Event: Controller.initialize	0.02
Event: Controller.startup	0.05
Controller action	426.36
Event: Controller.beforeRender	4.88
» Processing toolbar data	4.78
Rendering View	50.35
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	49.07
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.75
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.15
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/27925
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/27925
Remote Port	47246
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.223
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.148.26
Http Via	1.1 squid-proxy-5b5d847c96-7f7gz (squid/6.13)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.223
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.223
Unique Id	aOPImKDDFy79ajSlRCgwHQAAAi4
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.223
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.223
Redirect Unique Id	aOPImKDDFy79ajSlRCgwHQAAAi4
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.223
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.223
Redirect Redirect Unique Id	aOPImKDDFy79ajSlRCgwHQAAAi4
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1759758488.2443
Request Time	1759758488

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files