Red Hat Bugzilla – Bug 322961
CVE-2007-4990 xfs heap overflow in the swap_char2b function
Last modified: 2015-02-19 04:15:53 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4990 to the following vulnerability:
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows
context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and
(2) QueryXExtents protocol requests with crafted size values that specify an
arbitrary number of bytes to be swapped on the heap, which triggers heap
For justification of security impact, see:
This issue was addressed in:
Red Hat Enterprise Linux:
For Red Hat Enterprise Linux 5:
We believe that additional checks performed by glibc on data structures used
by heap memory management functions make this issue harder to exploit on RHEL5.
Moreover, successful exploitation will only allow an attacker to get the privileges
of the unprivileged xfs user. Moreover, the xfs server is by default confined by the
SELinux policy, which further restricts privileges of the xfs user.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
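
The bug class named in the CVE description above is a request-supplied count that drives an in-place byte swap. It is shown here as an added C example beside a length-checked form. This is not xfs source code: the function names, the flat byte-buffer layout and the sample data are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern (hypothetical name): the loop bound is taken straight
 * from the request, so a count larger than the buffer swaps bytes past its
 * end. Shown for contrast only; it is never called in this example. */
void swap_unchecked(uint8_t *payload, uint32_t count)
{
    for (size_t i = 0; i < count; i++) {
        uint8_t t = payload[2 * i];
        payload[2 * i] = payload[2 * i + 1];
        payload[2 * i + 1] = t;
    }
}

/* Checked pattern (hypothetical name): the count of 2-byte characters is
 * validated against the bytes actually received before anything is written.
 * Dividing the length (rather than multiplying the count) cannot overflow.
 * Returns 0 on success, -1 if the request is rejected. */
int swap_checked(uint8_t *payload, size_t payload_len, uint32_t count)
{
    if (payload == NULL || count > payload_len / 2)
        return -1;
    for (size_t i = 0; i < count; i++) {
        uint8_t t = payload[2 * i];
        payload[2 * i] = payload[2 * i + 1];
        payload[2 * i + 1] = t;
    }
    return 0;
}

/* Constructed sample: three 2-byte characters, then two requests. */
int demo(void)
{
    uint8_t buf[6] = {0x00, 0x41, 0x00, 0x42, 0x00, 0x43};
    uint8_t before[6];
    memcpy(before, buf, sizeof buf);
    int oversized = swap_checked(buf, sizeof buf, 0x10000); /* rejected */
    int untouched = memcmp(before, buf, sizeof buf) == 0;   /* no write */
    int ok = swap_checked(buf, sizeof buf, 3);              /* accepted */
    return oversized == -1 && untouched && ok == 0 &&
           buf[0] == 0x41 && buf[1] == 0x00 && buf[5] == 0x00;
}

int main(void) { puts(demo() ? "checks hold" : "unexpected"); return 0; }
```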