CVE-2012-1699 : The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before

The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

Published 2012-12-21 05:46:15

Updated 2017-09-19 01:34:47

Source Oracle

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-1699

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-1699

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-1699

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-1699

http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html

X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86 3.3.3
https://bugzilla.redhat.com/show_bug.cgi?id=842841

842841 – (CVE-2012-1699) CVE-2012-1699 xorg-x11: DoS and information leak in xfs prior to X11R6.7
http://marc.info/?l=bugtraq&m=135765511704334&w=2

'[security bulletin] HPSBUX02829 SSRT100883 rev.1 - HP-UX Running X Font Server (xfs) Software, Local' - MARC
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of

CVE-2012-1699 Denial of Service (DoS) vulnerability in X.Org | Oracle Third Party Vulnerability Resolution Blog
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369

Repository / Oval Repository
http://invisible-island.net/ansification/ansify-xfs-cve.html

ANSI-fication revisited for CVE-2012-1699
http://twitter.com/bsdaemon/status/228958599790071809

Rodrigo Branco on Twitter: "CVE-2012-1699 finally released by Oracle. Solaris 9 http://t.co/96ysMsHm full memleak"

Products affected by CVE-2012-1699

X » X.org X11 » Version: 6.5.1
cpe:2.3:a:x:x.org_x11:6.5.1:*:*:*:*:*:*:*
Matching versions
X » X.org X11 » Version: 6.6
cpe:2.3:a:x:x.org_x11:6.6:*:*:*:*:*:*:*
Matching versions
X » X.org X11 » Version: 6.0
cpe:2.3:a:x:x.org_x11:6.0:*:*:*:*:*:*:*
Matching versions
X » X.org X11 » Version: 6.3
cpe:2.3:a:x:x.org_x11:6.3:*:*:*:*:*:*:*
Matching versions
X » X.org X11 » Version: 6.1
cpe:2.3:a:x:x.org_x11:6.1:*:*:*:*:*:*:*
Matching versions
X » X.org X11 » Version: 6.4
cpe:2.3:a:x:x.org_x11:6.4:*:*:*:*:*:*:*
Matching versions
Xfree86 » Xfree86
Versions up to, including, (<=) 3.3.2
cpe:2.3:a:xfree86:xfree86:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-1699

Exploit prediction scoring system (EPSS) score for CVE-2012-1699

CVSS scores for CVE-2012-1699

CWE ids for CVE-2012-1699

References for CVE-2012-1699

Products affected by CVE-2012-1699