Bug 10897 - X11 font server vulnerability
Summary: X11 font server vulnerability
Status: CLOSED DUPLICATE of bug 10877
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: aboot   
(Show other bugs)
Version: 6.0
Hardware: All Linux
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2000-04-18 18:33 UTC by smedina
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-04-18 19:27:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2001:071 high SHIPPED_LIVE : New updated XFree86 packages available 2001-05-24 04:00:00 UTC

Description smedina 2000-04-18 18:33:26 UTC
The purpose of this email is twofold: 1) to inform you of a reported
vulnerability by a third party, not myself,  involving one of your
products, and 2) to obtain confirmation/clarification and knowledge of any
measures taken to address this in the event it is viable.

Below is the report (snipped):

--- Begin report ---

A denial of service exists in the X11 font server shipped with RedHat
Linux 6.x. Due to improper input validation, it is possible for any user
to crash the X fontserver. This will prevent the X server from functioning

--- End report ---

An explanation of my query - I work for Infrastructure Defense, Inc.,
which provides private publications to fortune 500 companies about
information/computer security trends, vulnerabilities, etc. I strive to
contact the appropriate parties whenever there is a question as to the
veracity of a post, claim, other. Hence, my email to you.

I hope to hear from you soon.

Servio Medina - smedina@idefense.com
Information Security Analyst

Comment 1 Bill Nottingham 2000-04-18 19:27:59 UTC
*** This bug has been marked as a duplicate of 10877 ***

Note You need to log in before you can comment on or make changes to this bug.