Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against X.Org X Font Server Handlers Integer Overflow

Subscribe

Check Point Reference: CPAI-2007-370
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory: SA27040
Industry Reference(s): CVE-2007-4568
Protection Provided by: Security Gateway
  • R75
Who is Vulnerable?
X.Org Foundation X Font Server 1.0.4 (X11R7.3) and prior
Vulnerability Description
X.Org foundation's X Window System (commonly X11 or X Window) is a networking and display protocol which provides windowing on bitmap displays. It provides the standard toolkit and protocol to build graphical user interfaces (GUIs) on Unix-like operating systems and OpenVMS, and is supported by almost all other modern operating systems.
Vulnerability Details
There exists multiple vulnerabilities in the way X.Org Font Server handles incoming QueryXExtents8, QueryXExtents16, QueryXBitmaps8 and QueryXBitmaps1 protocol requests. More specifically, the vulnerability is due to lack of proper validation on the NumberOfRanges field of the mentioned requests. By sending specially crafted requests, an unauthenticated remote attacker can leverage this flaw to execute arbitrary code on the target host with root or System level privileges.
In an attack case where code injection is not successful, the affected service will terminate unexpectedly. This will create a denial of service condition of the affected service.
In a more sophisticated attack where code injection results in successful process flow diverting, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the running process, normally System.

Protection Overview
This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade > Application Intelligence > Application Servers.
2. In the right pane, double-click the X.Org X Font Server Handlers Integer Overflow protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Application Servers Protection Violation
Attack Information: X.Org X Font Server handlers integer overflow