X.org X11 up to 7.1-1.1.0 DBE Extension ProcDbeSwapBuffers integer coercion
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in X.org X11 up to 7.1-1.1.0 and classified as problematic. Affected by this issue is the function ProcDbeSwapBuffers of the component DBE Extension. Performing a manipulation results in integer coercion.
This vulnerability is reported as CVE-2006-6103. No exploit exists.
It is suggested to install a patch to address this issue.
Details
A vulnerability classified as critical has been found in X.org X11 up to 7.1-1.1.0 (Windowing System Software). This affects the function ProcDbeSwapBuffers of the component DBE Extension. The manipulation with an unknown input leads to a integer coercion vulnerability. CWE is classifying the issue as CWE-192. Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
The bug was discovered 01/09/2007. The weakness was disclosed 01/10/2007 by Sean Larsson with iDefense (Website). The advisory is shared at labs.idefense.com. This vulnerability is uniquely identified as CVE-2006-6103 since 11/24/2006. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 24005 (CentOS 3 : XFree86 (CESA-2007:0002)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 156205 (Oracle Enterprise Linux Update for XFree86 (ELSA-2007:0002)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at x.org. A possible mitigation has been published 1 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (31379), Tenable (24005), SecurityFocus (BID 21968†), OSVDB (32086†) and Secunia (SA23670†). The entries VDB-2815, VDB-2816 and VDB-34129 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.x.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Integer coercionCWE: CWE-192 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 24005
Nessus Name: CentOS 3 : XFree86 (CESA-2007:0002)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 58133
OpenVAS Name: Slackware Advisory SSA:2007-066-02 x11
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
Exposure Time: 🔍
Patch: x.org
Timeline
11/24/2006 🔍12/31/2006 🔍
12/31/2006 🔍
01/09/2007 🔍
01/09/2007 🔍
01/10/2007 🔍
01/10/2007 🔍
01/10/2007 🔍
01/11/2007 🔍
01/11/2007 🔍
01/12/2007 🔍
01/14/2007 🔍
02/14/2007 🔍
07/13/2019 🔍
Sources
Vendor: x.orgAdvisory: labs.idefense.com⛔
Researcher: Sean Larsson
Organization: iDefense
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2006-6103 (🔍)
GCVE (CVE): GCVE-0-2006-6103
GCVE (VulDB): GCVE-100-2817
OVAL: 🔍
X-Force: 31379 - X.Org and XFree86 X server DBE ProcDbeSwapBuffers() integer overflow, High Risk
SecurityFocus: 21968 - X.Org DBE And Render Extensions Multiple Local Integer Overflow Vulnerabilities
Secunia: 23670 - X.Org X11 "DBE" and "Render" Extensions Vulnerabilities, Less Critical
OSVDB: 32086 - Multiple Vendor DBE Extension ProcDbeSwapBuffers Function Memory Corruption
SecurityTracker: 1017495
SecuriTeam: securiteam.com
Vulnerability Center: 14029 - X.Org DBE Extension Local Code Execution due to an Integer Overflow in ProcDbeSwapBuffers Function, High
Vupen: ADV-2007-0108
See also: 🔍
Entry
Created: 01/12/2007 10:43Updated: 07/13/2019 17:17
Changes: 01/12/2007 10:43 (104), 07/13/2019 17:17 (3)
Complete: 🔍
Cache ID: 216:E7E:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.