CVE-2017-16611
Published 2017-12-01
Priority P4 · 21 · medium · 5.5 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.42% (33.6th percentile)
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxfont | < libxfont 1:2.0.3-1 (bookworm) | libxfont 1:2.0.3-1 (bookworm) |
| x.org | libxfont | >= 0 < 1:2.0.3-1 | 1:2.0.3-1 |
| x.org | libxfont | >= 0 < 1:2.0.3-1 | 1:2.0.3-1 |
| x.org | libxfont | >= 0 < 1:2.0.3-1 | 1:2.0.3-1 |
| x.org | libxfont | >= 0 < 1:2.0.3-1 | 1:2.0.3-1 |
| x | libxfont | >= 1.0.0 < 1.5.4 | 1.5.4 |
| x | libxfont | >= 2.0.0 < 2.0.3 | 2.0.3 |
CVSS provenance
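| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | LOW | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |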
Ubuntu
libXfont vulnerability
vendor_ubuntu·2017-11-29
CVE-2017-16611 libXfont vulnerability
Title: libXfont vulnerability
Summary: libXfont could be made to access arbitrary files, including special device
files.
It was discovered that libXfont incorrectly followed symlinks when opening
font files. A local unprivileged user could use this issue to cause the X
server to access arbitrary files, including special device files.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
libXfont: User can trigger arbitrary file read by X server causing a DoS
vendor_redhat·2017-11-25·CVSS 5.5
CVE-2017-16611 [MEDIUM] CWE-59 libXfont: User can trigger arbitrary file read by X server causing a DoS
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Package: libXfont (Red Hat Enterprise Linux 5) - Will not fix
Package: libXfont (Red Hat Enterprise Linux 6) - Will not fix
Package: libXfont (Red Hat Enterprise Linux 7) - Will not fix
Package: libXfont2 (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2017-16611: libxfont - In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (...
vendor_debian·2017·CVSS 5.5
CVE-2017-16611 [MEDIUM] CVE-2017-16611: libxfont - In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (...
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
Scope: local
bookworm: resolved (fixed in 1:2.0.3-1)
bullseye: resolved (fixed in 1:2.0.3-1)
forky: resolved (fixed in 1:2.0.3-1)
sid: resolved (fixed in 1:2.0.3-1)
trixie: resolved (fixed in 1:2.0.3-1)
GHSA
GHSA-vjcj-64vh-89f7: In libXfont before 1
ghsa_unreviewed·2022-05-13
CVE-2017-16611 [MEDIUM] CWE-59 GHSA-vjcj-64vh-89f7: In libXfont before 1
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
OSV
CVE-2017-16611: In libXfont before 1
osv·2017-12-01·CVSS 5.5
CVE-2017-16611 [MEDIUM] CVE-2017-16611: In libXfont before 1
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-16611 libXfont: User can trigger arbitrary file read by X server causing a DoS
bugzilla·2017-11-30·CVSS 5.5
CVE-2017-16611 [MEDIUM] CVE-2017-16611 libXfont: User can trigger arbitrary file read by X server causing a DoS
A low privileged user can create symlinks to trigger arbitrary file reads by X server. Under certain configurations, a user can create a symlink to special files (e.g. /dev/watchdog) to cause a denial of service.
A non-privileged X client can instruct X server running under root to open any file by creating a directory with symlink(s) named "fonts.dir", "fonts.alias" or any font file to link to any other file in the system. X server will follow the symlink and open and read the file. When opened and under certain configurations, special files like /dev/watchdog can trigger system operations (e.g. reboot).
References:
http://openwall.com/lists/oss-security/2017/11/28/7
https://cgit.freedesktop.org/xo
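The symlink following described in the report above can be refused at the `open()` call itself. The following is an added example, not libXfont's patch and not code from this page: `open_font_file` is a hypothetical helper, and `demo` builds a constructed font directory under `/tmp` to show a regular `fonts.dir` being accepted and a symlinked `fonts.alias` being rejected.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not libXfont code): open a font-path entry such as
 * fonts.dir without following a symlink in the final path component. */
int open_font_file(const char *path)
{
    /* O_NOFOLLOW: open() fails if the last component is a symlink (ELOOP on
     * Linux). O_NONBLOCK: never block on a FIFO before the type check. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Second line of defence: only regular files are valid font data. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a user-owned font directory holding a genuine
 * fonts.dir and a fonts.alias symlink aimed at a device node.
 * Returns 0 when the regular file opens and the symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/fontdir.XXXXXX", real[64], lnk[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(real, sizeof real, "%s/fonts.dir", dir);
    snprintf(lnk, sizeof lnk, "%s/fonts.alias", dir);
    FILE *f = fopen(real, "w");
    if (!f || fputs("0\n", f) < 0 || fclose(f) != 0 || symlink("/dev/null", lnk) != 0)
        return -1;
    int ok_fd = open_font_file(real);
    int bad_fd = open_font_file(lnk);
    int result = (ok_fd >= 0 && bad_fd < 0) ? 0 : 1;
    if (ok_fd >= 0) close(ok_fd);
    if (bad_fd >= 0) close(bad_fd);
    unlink(real); unlink(lnk); rmdir(dir);
    return result;
}

int main(void) { return demo(); }
```

`O_NOFOLLOW` guards only the final path component, so a symlinked parent directory is still traversed. The `fstat` check also runs after the open, so it filters what gets parsed but does not undo any side effect of opening a device node named directly.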
Bugzilla
CVE-2017-16611 libXfont: User can trigger arbitrary file read by X server causing a DoS [fedora-all]
bugzilla·2017-11-30·CVSS 5.5
CVE-2017-16611 [MEDIUM] CVE-2017-16611 libXfont: User can trigger arbitrary file read by X server causing a DoS [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mult
Bugzilla
CVE-2017-16611 libXfont2: libXfont: User can trigger arbitrary file read by X server causing a DoS [fedora-all]
bugzilla·2017-11-30·CVSS 5.5
CVE-2017-16611 [MEDIUM] CVE-2017-16611 libXfont2: libXfont: User can trigger arbitrary file read by X server causing a DoS [fedora-all]
http://security.cucumberlinux.com/security/details.php?id=155
http://www.openwall.com/lists/oss-security/2017/11/28/7
http://www.ubuntu.com/usn/USN-3500-1
https://bugzilla.suse.com/show_bug.cgi?id=1050459
https://lists.debian.org/debian-lts-announce/2022/01/msg00028.html
https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
https://security.gentoo.org/glsa/201801-10