| VID | 23043 |
| Severity | 40 |
| Port | 7101 |
| Protocol | TCP |
| Class | X11 |
| Detailed Description |
The X Font Service for TrueType (xfstt) is running. X Font Server for TrueType (xfstt) is a server for Linux and Unix-based operating systems. xfstt versions 1.4 and earlier are vulnerable to a buffer overflow in xfstt.cc, caused by improper bounds checking of user-supplied input. A remote attacker could use this flaw to execute arbitrary code on the system or to cause the xfstt daemon to crash.
* Note: This check does not perform an actual test for this vulnerability; it relies solely on the presence of the xfstt daemon on the remote server, so this might be a false positive.
* References: http://archives.neohapsis.com/archives/bugtraq/2003-07/0178.html
* Platforms Affected: X Font Service for TrueType (xfstt) 1.4 or prior; Debian Linux 3.0; Linux, any version; Unix, any version |
| Recommendation |
Upgrade to the latest version of xfstt (1.5 or later), available from the Xfstt Developer's Official Web site at http://developer.berlios.de/projects/xfstt
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest version of xfstt (1.2.1-3 or later), as listed in Debian Security Advisory DSA-360-1 at http://www.debian.org/security/2003/dsa-360
For other distributions: Contact your vendor for upgrade or patch information. |
| Related URL | CVE-2003-0581, CVE-2003-0625 (CVE) |
| Related URL | 8182 (SecurityFocus) |
| Related URL | 12655 (ISS) |