Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1317

4 documents4 sources

Severity

7.5HIGH

EPSS

51.0%

top 2.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Hp-ux SGI Irix SUN Solaris +2 more

Timeline

PublishedDec 11

Latest updateMay 3

Description

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶NVDsun/solaris5 versions+4

▶NVDhp/hp-ux7 versions+6

▶NVDsgi/irix14 versions+13

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

▶NVDxfree86_project/x11r65 versions+4

Patches

Patch: bvlive01.iss.net ↗Patch: www.iss.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cv2w-7jmr-4jgp: Buffer overflow in Dispatch() routine for XFS font server (fs↗2022-05-03

▶

CVEList

CVE-2002-1317: Buffer overflow in Dispatch() routine for XFS font server (fs↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

XFree86 X11R6 3.3.x - Font Server Remote Buffer Overrun↗2002-11-25

▶