CVE-2006-6102 | Vulnerability Database | Aqua Security

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Affected Software

Name	Vendor	Start Version	End Version
X.org	X.org	6.8.2 (including)	6.8.2 (including)
X.org	X.org	6.9.0 (including)	6.9.0 (including)
X.org	X.org	7.0 (including)	7.0 (including)
X.org	X.org	7.1 (including)	7.1 (including)
Xfree86_x_server	Xfree86_project	*	*
Red Hat Enterprise Linux 2.1	RedHat	XFree86-0:4.1.0-78.EL	*
Red Hat Enterprise Linux 3	RedHat	XFree86-0:4.3.0-115.EL	*
Red Hat Enterprise Linux 4	RedHat	xorg-x11-0:6.8.2-1.EL.13.37.5	*
Xorg-server	Ubuntu	dapper	*
Xorg-server	Ubuntu	devel	*
Xorg-server	Ubuntu	edgy	*
Xorg-server	Ubuntu	feisty	*

References

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01075678
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=464
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
http://osvdb.org/32085
http://secunia.com/advisories/23633
http://secunia.com/advisories/23670
http://secunia.com/advisories/23684
http://secunia.com/advisories/23689
http://secunia.com/advisories/23698
http://secunia.com/advisories/23705
http://secunia.com/advisories/23758
http://secunia.com/advisories/23789
http://secunia.com/advisories/23966
http://secunia.com/advisories/24168
http://secunia.com/advisories/24210
http://secunia.com/advisories/24247
http://secunia.com/advisories/24401
http://secunia.com/advisories/25802
http://security.gentoo.org/glsa/glsa-200701-25.xml
http://securitytracker.com/id?1017495
http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.393555
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm
http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:005
http://www.novell.com/linux/security/advisories/2007_08_x.html
http://www.redhat.com/support/errata/RHSA-2007-0002.html
http://www.redhat.com/support/errata/RHSA-2007-0003.html
http://www.securityfocus.com/bid/21968
http://www.ubuntu.com/usn/usn-403-1
http://www.vupen.com/english/advisories/2007/0108
http://www.vupen.com/english/advisories/2007/0109
http://www.vupen.com/english/advisories/2007/0589
http://www.vupen.com/english/advisories/2007/0669
http://www.vupen.com/english/advisories/2007/2233
https://exchange.xforce.ibmcloud.com/vulnerabilities/31376
https://issues.rpath.com/browse/RPL-920
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9991
https://www.debian.org/security/2007/dsa-1249

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-6102
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html