Vulnerabilities > CVE-2004-0914 - Multiple Unspecified vulnerability in LibXPM

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Vulnerable Configurations

Part	Description	Count
Application	Lesstif Lesstif Lesstif 0.93 Lesstif Lesstif 0.93.12 Lesstif Lesstif 0.93.18 Lesstif Lesstif 0.93.34 Lesstif Lesstif 0.93.36 Lesstif Lesstif 0.93.40 Lesstif Lesstif 0.93.91 Lesstif Lesstif 0.93.94 Lesstif Lesstif 0.93.96	9
Application	X.Org X.Org X11R6 6.7.0 X.Org X11R6 6.8 X.Org X11R6 6.8.1	3
Application	Xfree86_Project Xfree86 Project X11R6 3.3 Xfree86 Project X11R6 3.3.2 Xfree86 Project X11R6 3.3.3 Xfree86 Project X11R6 3.3.4 Xfree86 Project X11R6 3.3.5 Xfree86 Project X11R6 3.3.6 Xfree86 Project X11R6 4.0 Xfree86 Project X11R6 4.0.1 Xfree86 Project X11R6 4.0.2.11 Xfree86 Project X11R6 4.0.3 Xfree86 Project X11R6 4.1.0 Xfree86 Project X11R6 4.1.11 Xfree86 Project X11R6 4.1.12 Xfree86 Project X11R6 4.2.0 Xfree86 Project X11R6 4.2.1 Xfree86 Project X11R6 4.3.0	17
OS	Gentoo Gentoo Linux *	1
OS	Redhat Redhat Fedora Core Core_2.0 Redhat Fedora Core Core_3.0	2
OS	Suse Suse Suse Linux 1.0 Suse Suse Linux 8 Suse Suse Linux 8.1 Suse Suse Linux 8.2 Suse Suse Linux 9.0 Suse Suse Linux 9.1 Suse Suse Linux 9.2	8

Nessus

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-83-1.NASL
description	Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image. Ubuntu does not contain any server applications using LessTif, so there is no possibility of privilege escalation. Please note that this update only fixes lesstif2. The older lesstif1 version is also affected. A proper fix for lesstif1 will still take some time and will be done in a separate USN. However, no Ubuntu application uses lesstif1, so this could only affect you if you use third-party software which depends on this library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20707
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20707
title	Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-83-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-83-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20707); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2004-0914"); script_xref(name:"USN", value:"83-1"); script_name(english:"Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-83-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image. Ubuntu does not contain any server applications using LessTif, so there is no possibility of privilege escalation. Please note that this update only fixes lesstif2. The older lesstif1 version is also affected. A proper fix for lesstif1 will still take some time and will be done in a separate USN. However, no Ubuntu application uses lesstif1, so this could only affect you if you use third-party software which depends on this library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lesstif-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lesstif-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lesstif-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lesstif1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lesstif2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lesstif2-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"lesstif-bin", pkgver:"0.93.94-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"lesstif-dev", pkgver:"0.93.94-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"lesstif-doc", pkgver:"0.93.94-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"lesstif1", pkgver:"0.93.94-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"lesstif2", pkgver:"0.93.94-4ubuntu1.1")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"lesstif2-dev", pkgver:"0.93.94-4ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lesstif-bin / lesstif-dev / lesstif-doc / lesstif1 / lesstif2 / etc"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200502-07.NASL
description	The remote host is affected by the vulnerability described in GLSA-200502-07 (OpenMotif: Multiple vulnerabilities in libXpm) Multiple vulnerabilities, such as buffer overflows, out of bounds memory access or directory traversals, have been discovered in libXpm that is shipped as a part of the X Window System (see GLSA 200409-34 and 200411-28). OpenMotif, an application that includes this library, suffers from the same issues. Impact : A carefully-crafted XPM file could crash applications making use of the OpenMotif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	16444
published	2005-02-14
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/16444
title	GLSA-200502-07 : OpenMotif: Multiple vulnerabilities in libXpm
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200502-07. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(16444); script_version("1.20"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0914"); script_xref(name:"GLSA", value:"200502-07"); script_name(english:"GLSA-200502-07 : OpenMotif: Multiple vulnerabilities in libXpm"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200502-07 (OpenMotif: Multiple vulnerabilities in libXpm) Multiple vulnerabilities, such as buffer overflows, out of bounds memory access or directory traversals, have been discovered in libXpm that is shipped as a part of the X Window System (see GLSA 200409-34 and 200411-28). OpenMotif, an application that includes this library, suffers from the same issues. Impact : A carefully-crafted XPM file could crash applications making use of the OpenMotif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200409-34" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200411-28" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200502-07" ); script_set_attribute( attribute:"solution", value: "All OpenMotif users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose x11-libs/openmotif Note: You should run 'revdep-rebuild' to ensure that all applications linked to OpenMotif are properly rebuilt." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openmotif"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"x11-libs/openmotif", unaffected:make_list("ge 2.2.3-r1", "rge 2.1.30-r7"), vulnerable:make_list("lt 2.2.3-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenMotif"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200502-06.NASL
description	The remote host is affected by the vulnerability described in GLSA-200502-06 (LessTif: Multiple vulnerabilities in libXpm) Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes libXpm, suffers from the same issues. Impact : A carefully-crafted XPM file could crash applications making use of the LessTif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	16443
published	2005-02-14
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/16443
title	GLSA-200502-06 : LessTif: Multiple vulnerabilities in libXpm
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200502-06. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(16443); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2004-0914"); script_xref(name:"GLSA", value:"200502-06"); script_name(english:"GLSA-200502-06 : LessTif: Multiple vulnerabilities in libXpm"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200502-06 (LessTif: Multiple vulnerabilities in libXpm) Multiple vulnerabilities, including buffer overflows, out of bounds memory access and directory traversals, have been discovered in libXpm, which is shipped as a part of the X Window System. LessTif, an application that includes libXpm, suffers from the same issues. Impact : A carefully-crafted XPM file could crash applications making use of the LessTif toolkit, potentially allowing the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"http://www.lesstif.org/ReleaseNotes.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200502-06" ); script_set_attribute( attribute:"solution", value: "All LessTif users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/lesstif-0.94.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:lesstif"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"x11-libs/lesstif", unaffected:make_list("ge 0.94.0"), vulnerable:make_list("lt 0.94.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LessTif"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-612.NASL
description	Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 3. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0914 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches as well as other bug fixes.
last seen	2020-06-01
modified	2020-06-02
plugin id	16019
published	2004-12-21
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/16019
title	RHEL 3 : XFree86 (RHSA-2004:612)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:612. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(16019); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0914"); script_xref(name:"RHSA", value:"2004:612"); script_name(english:"RHEL 3 : XFree86 (RHSA-2004:612)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 3. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0914 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches as well as other bug fixes." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0914" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:612" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-base-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-syriac-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-truetype-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2004/12/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:612"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"XFree86-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-100dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-75dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGL-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGLU-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Xnest-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Xvfb-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-base-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-cyrillic-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-devel-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-doc-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-font-utils-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-libs-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-libs-data-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-syriac-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-tools-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-truetype-fonts-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-twm-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xauth-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xdm-4.3.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xfs-4.3.0-78.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc"); } }

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-137.NASL
description	The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Update : The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependent on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0 from being able to save xpm format images. Updated packages are patched to correct all these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15793
published	2004-11-23
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15793
title	Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:137-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2004:137. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(15793); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2004-0914"); script_xref(name:"MDKSA", value:"2004:137-1"); script_name(english:"Mandrake Linux Security Advisory : libxpm4 (MDKSA-2004:137-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Update : The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependent on the library. In addition, the file path checking in the security updates prevented some applications, like gimp-2.0 from being able to save xpm format images. Updated packages are patched to correct all these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xpm4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xpm4-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxpm4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxpm4-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64xpm4-3.4k-27.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64xpm4-devel-3.4k-27.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libxpm4-3.4k-27.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libxpm4-devel-3.4k-27.3.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xpm4-3.4k-28.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xpm4-devel-3.4k-28.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxpm4-3.4k-28.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxpm4-devel-3.4k-28.2.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64xpm4-3.4k-27.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:"lib64xpm4-devel-3.4k-27.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libxpm4-3.4k-27.3.92mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.2", cpu:"i386", reference:"libxpm4-devel-3.4k-27.3.92mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-83-2.NASL
description	USN-83-1 fixed some vulnerabilities in the
last seen	2020-06-01
modified	2020-06-02
plugin id	20708
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20708
title	Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-83-2)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-138.NASL
description	The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image. Updated packages are patched to correct all these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15794
published	2004-11-23
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15794
title	Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-004.NASL
description	An updated lesstif package that fixes flaws in the Xpm library is now available for Red Hat Enterprise Linux 2.1. LessTif provides libraries which implement the Motif industry standard graphical user interface. During a source code audit, Chris Evans discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within Lesstif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687,CVE-2004-0688, and CVE-2004-0914 to these issues. Users of LessTif are advised to upgrade to this erratum package, which contains backported security patches to the embedded libXpm library.
last seen	2020-06-01
modified	2020-06-02
plugin id	16144
published	2005-01-13
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/16144
title	RHEL 2.1 : lesstif (RHSA-2005:004)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-610.NASL
description	Updated XFree86 packages that fix several security flaws in libXpm are now available for Red Hat Enterprise Linux 2.1. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs), such as GNOME and KDE are designed upon. Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XP file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0914 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches and other bug fixes.
last seen	2020-06-01
modified	2020-06-02
plugin id	16009
published	2004-12-20
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/16009
title	RHEL 2.1 : XFree86 (RHSA-2004:610)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-537.NASL
description	Updated openmotif packages that fix flaws in the Xpm image library are now available. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overflow flaw in the libXpm library used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0687, CVE-2004-0688, and CVE-2004-0914 to these issues. Users of OpenMotif are advised to upgrade to these erratum packages, which contain backported security patches to the embedded libXpm library.
last seen	2020-06-01
modified	2020-06-02
plugin id	15943
published	2004-12-13
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/15943
title	RHEL 2.1 / 3 : openmotif (RHSA-2004:537)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200411-28.NASL
description	The remote host is affected by the vulnerability described in GLSA-200411-28 (X.Org, XFree86: libXpm vulnerabilities) Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop. Impact : An attacker could craft a malicious pixmap file and entice a user to use it with an application linked against libXpm. This could lead to Denial of Service or arbitrary code execution. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	15776
published	2004-11-22
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15776
title	GLSA-200411-28 : X.Org, XFree86: libXpm vulnerabilities

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-607.NASL
description	Several developers have discovered a number of problems in the libXpm library which is provided by X.Org, XFree86 and LessTif. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted XPM image.
last seen	2020-06-01
modified	2020-06-02
plugin id	15932
published	2004-12-11
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15932
title	Debian DSA-607-1 : xfree86 - several vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0524.NASL
description	Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	43837
published	2010-01-10
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43837
title	RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-434.NASL
description	Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0914 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches as well as other bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15748
published	2004-11-18
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15748
title	Fedora Core 3 : xorg-x11-6.8.1-12.FC3.1 (2004-434)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_BF2E7483D3FA440D8C6E8F1F2F018818.NASL
description	Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling.
last seen	2020-06-01
modified	2020-06-02
plugin id	19106
published	2005-07-13
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19106
title	FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SA_2004_041.NASL
description	The remote host is missing the patch for the advisory SUSE-SA:2004:041 (xshared, XFree86-libs, xorg-x11-libs). The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are: - integer overflows - out-of-bounds memory access - shell command execution - path traversal - endless loops By providing a special image these bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges.
last seen	2020-06-01
modified	2020-06-02
plugin id	15755
published	2004-11-18
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15755
title	SUSE-SA:2004:041: xshared, XFree86-libs, xorg-x11-libs

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-433.NASL
description	Several integer overflow flaws in the X.Org libXpm library used to decode XPM (X PixMap) images have been found and addressed. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0914 to this issue. Users are advised to upgrade to these erratum packages, which contain backported security patches as well as other bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15747
published	2004-11-18
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15747
title	Fedora Core 2 : xorg-x11-6.7.0-10 (2004-433)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-816.NASL
description	Soren Sandmann discovered a bug in memory allocation for pixmap images, that can cause a crash of the X server or to execute arbitrary code. The update for the old stable distribution (woody) also contains a different correction for multiple vulnerabilities in libXpm ( DSA 607, CAN-2004-0914, Bug#309143), since the old fix contained a regression.
last seen	2020-06-01
modified	2020-06-02
plugin id	19785
published	2005-10-05
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19785
title	Debian DSA-816-1 : xfree86 - integer overflow

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-815.NASL
description	- Fri May 6 2005 Thomas Woerner <twoerner at redhat.com> 0.93-36-6.FC3.2 - fixed possible libXpm overflows (#151640) - allow to write XPM files with absolute path names again (#140815) - Fri Nov 26 2004 Thomas Woerner <twoerner at redhat.com> 0.93.36-6.FC3.1 - fixed CVE-2004-0687 (integer overflows) and CVE-2004-0688 (stack overflows) in embedded Xpm library (#135080) - latest Xpm patches: CVE-2004-0914 (#135081) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	19721
published	2005-09-17
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19721
title	Fedora Core 3 : lesstif-0.93.36-6.FC3.2 (2005-815)

Oval

accepted

2013-04-29T04:23:30.970-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:9943

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa
id RHSA-2004:537
rhsa
id RHSA-2004:610
rhsa
id RHSA-2005:004

rpms

openmotif-0:2.2.3-4.RHEL3.4
openmotif-debuginfo-0:2.2.3-4.RHEL3.4
openmotif-devel-0:2.2.3-4.RHEL3.4
openmotif21-0:2.1.30-9.RHEL3.4
openmotif21-debuginfo-0:2.1.30-9.RHEL3.4
XFree86-0:4.3.0-78.EL
XFree86-100dpi-fonts-0:4.3.0-78.EL
XFree86-75dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-78.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-78.EL
XFree86-Mesa-libGL-0:4.3.0-78.EL
XFree86-Mesa-libGLU-0:4.3.0-78.EL
XFree86-Xnest-0:4.3.0-78.EL
XFree86-Xvfb-0:4.3.0-78.EL
XFree86-base-fonts-0:4.3.0-78.EL
XFree86-cyrillic-fonts-0:4.3.0-78.EL
XFree86-devel-0:4.3.0-78.EL
XFree86-doc-0:4.3.0-78.EL
XFree86-font-utils-0:4.3.0-78.EL
XFree86-libs-0:4.3.0-78.EL
XFree86-libs-data-0:4.3.0-78.EL
XFree86-sdk-0:4.3.0-78.EL
XFree86-syriac-fonts-0:4.3.0-78.EL
XFree86-tools-0:4.3.0-78.EL
XFree86-truetype-fonts-0:4.3.0-78.EL
XFree86-twm-0:4.3.0-78.EL
XFree86-xauth-0:4.3.0-78.EL
XFree86-xdm-0:4.3.0-78.EL
XFree86-xfs-0:4.3.0-78.EL
jabberd-0:2.0s10-3.37.rhn
jabberd-0:2.0s10-3.38.rhn
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
jfreechart-0:0.9.20-3.rhn
openmotif21-0:2.1.30-11.RHEL4.6
openmotif21-0:2.1.30-9.RHEL3.8
openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
perl-Crypt-CBC-0:2.24-1.el3
perl-Crypt-CBC-0:2.24-1.el4
rhn-apache-0:1.3.27-36.rhn.rhel3
rhn-apache-0:1.3.27-36.rhn.rhel4
rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
rhn-modperl-0:1.29-16.rhel3
rhn-modperl-0:1.29-16.rhel4
rhn-modssl-0:2.8.12-8.rhn.10.rhel3
rhn-modssl-0:2.8.12-8.rhn.10.rhel4
tomcat5-0:5.0.30-0jpp_10rh

Statements

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Statements

References