Bug 10897

Summary: X11 font server vulnerability
Product: [Retired] Red Hat Linux Reporter: smedina
Component: abootAssignee: Cristian Gafton <gafton>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-04-18 19:27:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description smedina 2000-04-18 18:33:26 UTC 
The purpose of this email is twofold: 1) to inform you of a reported
vulnerability by a third party, not myself,  involving one of your
products, and 2) to obtain confirmation/clarification and knowledge of any
measures taken to address this in the event it is viable.

Below is the report (snipped):

--- Begin report ---

A denial of service exists in the X11 font server shipped with RedHat
Linux 6.x. Due to improper input validation, it is possible for any user
to crash the X fontserver. This will prevent the X server from functioning
properly

--- End report ---


An explanation of my query - I work for Infrastructure Defense, Inc.,
which provides private publications to fortune 500 companies about
information/computer security trends, vulnerabilities, etc. I strive to
contact the appropriate parties whenever there is a question as to the
veracity of a post, claim, other. Hence, my email to you.

I hope to hear from you soon.


Servio Medina - smedina
Information Security Analyst
www.idefense.com
Comment 1 Bill Nottingham 2000-04-18 19:27:59 UTC 
*** This bug has been marked as a duplicate of 10877 ***