VMware Knowledge Base
Security Response to XFree86 and X Server Integer Overflow Flaws

Details

VMware Security Response
CVE identifiers: CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
CVE URLs

Summary
 
iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious client that is already authorized to the X server could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges, since the XFree86 server runs as root. (CVE-2007-1003)

iDefense reported two integer overflows in the X.org server's handling of font files. A malicious local user who can supply a crafted font file could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. An application that passes a malformed image to XGetPixel() can be made to misbehave, crash, or execute arbitrary code with the privileges of the calling application; the impact is therefore greatest when the calling X client runs setuid. (CVE-2007-1667)

All of these vulnerabilities require a malicious local user (or, for the XC-MISC issue, a client already authorized to the X server).

Solution

ESX Server 2.x ships with an X server on the installation media but does not install it. ESX Server 3.x does not ship with an X server.

Because ESX Server 2.x doesn't install an X server, ESX Server systems are not usually affected by the issues described in CVE-2007-1003, CVE-2007-1351, and CVE-2007-1352. However, if an administrator manually installed the X server from media, the system could be vulnerable to these issues.

The CVE-2007-1667 issue can be exploited only if X11 client binaries with elevated privileges (that is, setuid-root binaries that link libX11) exist on the ESX Server host. ESX Server 2.x doesn't install any X clients by default. Your ESX Server system is not vulnerable unless an administrator has manually installed X clients.
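The two exposure conditions above (an X server present at all; setuid X11 clients present) can be checked directly on a service console. The script below is an added example and not part of the VMware article or of any VMware tooling. It assumes the ESX Server 2.x service console is an RPM-based Linux where a manually installed XFree86 4.x server lands under /usr/X11R6, and it identifies an X client by the "libX11" string that a dynamically linked client carries in its ELF NEEDED entries (a rough heuristic; `ldd` on a real host is more exact). The sample root it builds is constructed here purely to demonstrate the checks.

```shell
#!/bin/sh
# Added example, not from the VMware KB article: audit a host for the two
# conditions the advisory says create exposure to the X server CVEs.
# Assumptions: RPM-based console OS; XFree86 4.x layout under /usr/X11R6.

# Condition 1: is an X server installed? (needed for CVE-2007-1003,
# CVE-2007-1351 and CVE-2007-1352). Returns 0 if found, 1 otherwise.
x_server_installed() {
    xs_root="${1:-/}"
    # Package query first (rpm may be absent or the package name may
    # differ; stderr is discarded and the binary check below still runs).
    if rpm -q --root "$xs_root" XFree86 >/dev/null 2>&1; then
        echo "XFree86 package installed"
        return 0
    fi
    # Fall back to the server binary itself (a manual install from media
    # may not have gone through rpm at all).
    if [ -x "$xs_root/usr/X11R6/bin/XFree86" ] || [ -x "$xs_root/usr/X11R6/bin/Xorg" ]; then
        echo "X server binary present under $xs_root/usr/X11R6/bin"
        return 0
    fi
    return 1
}

# Condition 2: setuid binaries that link libX11 (needed for CVE-2007-1667).
# Prints one path per line; prints nothing when none are found.
setuid_x11_clients() {
    sc_root="${1:-/}"
    find "$sc_root" -xdev -type f -perm -4000 -print 2>/dev/null |
    while read -r f; do
        # grep -a scans the binary as text; a dynamically linked X client
        # carries the literal "libX11" in its DT_NEEDED entries.
        if grep -aq 'libX11' "$f"; then
            echo "$f"
        fi
    done
}

# Combined verdict: returns 1 if either exposure condition holds, 0 if clean.
audit_esx_host() {
    au_root="${1:-/}"
    au_status=0
    if x_server_installed "$au_root"; then
        echo "AFFECTED: X server present; CVE-2007-1003/1351/1352 patches required"
        au_status=1
    else
        echo "OK: no X server installed"
    fi
    au_clients=$(setuid_x11_clients "$au_root")
    if [ -n "$au_clients" ]; then
        echo "AFFECTED: setuid X11 clients found (CVE-2007-1667):"
        echo "$au_clients"
        au_status=1
    else
        echo "OK: no setuid X11 clients"
    fi
    return $au_status
}

# Constructed sample root for demonstration: one X server stub, one setuid
# X client (xterm was historically setuid-root), one setuid non-X binary,
# and one non-setuid X client. Prints the directory path.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/X11R6/bin" "$d/bin"
    printf '#!/bin/sh\n' > "$d/usr/X11R6/bin/XFree86"
    chmod 0755 "$d/usr/X11R6/bin/XFree86"
    printf 'ELF stub libX11.so.6\n' > "$d/usr/X11R6/bin/xterm"
    chmod 4755 "$d/usr/X11R6/bin/xterm"
    printf 'ELF stub libpam.so.0\n' > "$d/bin/su"
    chmod 4755 "$d/bin/su"
    printf 'ELF stub libX11.so.6\n' > "$d/usr/X11R6/bin/xclock"
    chmod 0755 "$d/usr/X11R6/bin/xclock"
    echo "$d"
}

# Usage: `sh audit.sh /` audits the real host; with no argument it runs
# against the constructed sample root and then removes it.
case "${1:-}" in
    "") demo=$(make_sample_root)
        echo "Demo against constructed sample root $demo"
        audit_esx_host "$demo"
        rm -rf "$demo" ;;
    *)  audit_esx_host "$1" ;;
esac
```

On a real host the verdict alone is not the whole story: an X server found by the package query is exposed only if it is actually started for local users, and a setuid client flagged by the libX11 heuristic should be confirmed with `ldd` before it is counted as exploitable via CVE-2007-1667.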

Action: The following patches were issued June 28, 2007. Download and install the relevant patches if they have not already been applied to your system.

Keywords

OVAL; com.redhat.rhsa-20070125.xml; RHSA-2007:0125;
