CVE-2012-1699 - OpenCVE

The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xfree86	Xfree86
X	X.org X11

Configuration 1 [-]

OR	cpe:2.3:a:x:x.org_x11:6.0:::::::*
	cpe:2.3:a:x:x.org_x11:6.1:::::::*
	cpe:2.3:a:x:x.org_x11:6.3:::::::*
	cpe:2.3:a:x:x.org_x11:6.4:::::::*
	cpe:2.3:a:x:x.org_x11:6.5.1:::::::*
	cpe:2.3:a:x:x.org_x11:6.6:::::::*

Configuration 2 [-]

cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*

References

Link	Resource
http://invisible-island.net/ansification/ansify-xfs-cve.html
http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html
http://marc.info/?l=bugtraq&m=135765511704334&w=2
http://twitter.com/bsdaemon/status/228958599790071809
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of
https://bugzilla.redhat.com/show_bug.cgi?id=842841
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: oracle

Published: 2012-12-21T02:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2012-03-16T00:00:00

Link: CVE-2012-1699

JSON object: View

NVD Information

Status : Modified

Published: 2012-12-21T05:46:15.493

Modified: 2017-09-19T01:34:47.323

Link: CVE-2012-1699

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"name": "oval:org.mitre.oval:def:19369", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369"}, {"tags": ["x_refsource_MISC"], "url": "http://twitter.com/bsdaemon/status/228958599790071809"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of"}, {"name": "HPSBUX02829", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"}, {"name": "SSRT100883", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=842841"}, {"name": "[xorg-announce] 20120724 X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86\t3.3.3", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html"}, {"tags": ["x_refsource_MISC"], "url": "http://invisible-island.net/ansification/ansify-xfs-cve.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2012-1699", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:19369", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369"}, {"name": "http://twitter.com/bsdaemon/status/228958599790071809", "refsource": "MISC", "url": "http://twitter.com/bsdaemon/status/228958599790071809"}, {"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of", "refsource": "CONFIRM", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of"}, {"name": "HPSBUX02829", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"}, {"name": "SSRT100883", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=842841", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=842841"}, {"name": "[xorg-announce] 20120724 X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86\t3.3.3", "refsource": "MLIST", "url": "http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html"}, {"name": "http://invisible-island.net/ansification/ansify-xfs-cve.html", "refsource": "MISC", "url": "http://invisible-island.net/ansification/ansify-xfs-cve.html"}]}}}}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2012-1699", "datePublished": "2012-12-21T02:00:00", "dateReserved": "2012-03-16T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "65F124DB-D9B5-4470-AAB9-24DF998D01A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CD09288-DCC6-4C43-B31C-8056AB319F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "938CB0B0-FF9E-418B-93F6-3AC17A5D0D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "26097D33-E3CF-4F5D-A4B0-B3EF384A15CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA8AEBCE-AD1B-4FE8-A3BA-228D0E5CD1F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "ACB34DA6-F07C-4AB4-8356-0CA500A5E609", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD050455-8E7E-4BCF-A4AC-60A509762F39", "versionEndIncluding": "3.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference."}, {"lang": "es", "value": "La funci\u00f3n ProcSetEventMask en DEFI/events.c en el servidor de fuentes xfs para X.Org X11R6.6 y X11R6 hasta XFree86 antes de 3.3.3 llama a la funci\u00f3n SendErrToClient con un valor de m\u00e1scara en lugar de un puntero, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) u obtener informaci\u00f3n sensible de la memoria a trav\u00e9s de una solicitud SetEventMask que dispara una desreferencia de puntero no v\u00e1lido."}], "id": "CVE-2012-1699", "lastModified": "2017-09-19T01:34:47.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-21T05:46:15.493", "references": [{"source": "secalert_us@oracle.com", "url": "http://invisible-island.net/ansification/ansify-xfs-cve.html"}, {"source": "secalert_us@oracle.com", "url": "http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html"}, {"source": "secalert_us@oracle.com", "url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"}, {"source": "secalert_us@oracle.com", "url": "http://twitter.com/bsdaemon/status/228958599790071809"}, {"source": "secalert_us@oracle.com", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of"}, {"source": "secalert_us@oracle.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=842841"}, {"source": "secalert_us@oracle.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}