Vulnerabilities > CVE-2005-0605 - Integer Overflow vulnerability in libXPM Bitmap_unit

Part	Description	Count
Application	Lesstif Lesstif Lesstif 0.93.94	1
Application	Sgi SGI Propack 3.0	1
Application	X.Org X.Org X11R6 6.7.0 X.Org X11R6 6.8 X.Org X11R6 6.8.1	3
Application	Xfree86_Project Xfree86 Project X11R6 3.3 Xfree86 Project X11R6 3.3.2 Xfree86 Project X11R6 3.3.3 Xfree86 Project X11R6 3.3.4 Xfree86 Project X11R6 3.3.5 Xfree86 Project X11R6 3.3.6 Xfree86 Project X11R6 4.0 Xfree86 Project X11R6 4.0.1 Xfree86 Project X11R6 4.0.2.11 Xfree86 Project X11R6 4.0.3 Xfree86 Project X11R6 4.1.0 Xfree86 Project X11R6 4.1.11 Xfree86 Project X11R6 4.1.12 Xfree86 Project X11R6 4.2.0 Xfree86 Project X11R6 4.2.1 Xfree86 Project X11R6 4.3.0 Xfree86 Project X11R6 4.3.0.1 Xfree86 Project X11R6 4.3.0.2	19
OS	Altlinux Altlinux ALT Linux 2.3	2
OS	Mandrakesoft Mandrakesoft Mandrake Linux 10.0 Mandrakesoft Mandrake Linux 10.1 Mandrakesoft Mandrake Linux 10.2 Mandrakesoft Mandrake Linux Corporate Server 2.1 Mandrakesoft Mandrake Linux Corporate Server 3.0	10
OS	Redhat Redhat Enterprise Linux 3.0 Redhat Enterprise Linux 4.0 Redhat Enterprise Linux Desktop 3.0 Redhat Enterprise Linux Desktop 4.0 Redhat Fedora Core Core_2.0 Redhat Fedora Core Core_3.0	10
OS	Suse Suse Suse Linux 6.1 Suse Suse Linux 6.2 Suse Suse Linux 6.3 Suse Suse Linux 6.4 Suse Suse Linux 7.0 Suse Suse Linux 7.1 Suse Suse Linux 7.2 Suse Suse Linux 7.3 Suse Suse Linux 8.0 Suse Suse Linux 8.1 Suse Suse Linux 8.2 Suse Suse Linux 9.0 Suse Suse Linux 9.1 Suse Suse Linux 9.2	36

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200503-15.NASL
description	The remote host is affected by the vulnerability described in GLSA-200503-15 (X.org: libXpm vulnerability) Chris Gilbert has discovered potentially exploitable buffer overflow cases in libXpm that weren
last seen	2020-06-01
modified	2020-06-02
plugin id	17317
published	2005-03-14
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17317
title	GLSA-200503-15 : X.org: libXpm vulnerability

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-081.NASL
description	The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library. Updated packages are patched to correct all these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	18235
published	2005-05-11
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18235
title	Mandrake Linux Security Advisory : XFree86 (MDKSA-2005:081)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2005-007.NASL
description	The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
last seen	2020-06-01
modified	2020-06-02
plugin id	19463
published	2005-08-18
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19463
title	Mac OS X Multiple Vulnerabilities (Security Update 2005-007)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0261.NASL
description	Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	43835
published	2010-01-10
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43835
title	RHEL 4 : Satellite Server (RHSA-2008:0261)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-331.NASL
description	Updated XFree86 packages that fix a libXpm integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. The updated XFree86 packages also address the following minor issues : - Updated XFree86-4.3.0-keyboard-disable-ioport-access-v3.patch to make warning messages less alarmist. - Backported XFree86-4.3.0-libX11-stack-overflow.patch from xorg-x11-6.8.1 packaging to fix stack overflow in libX11, which was discovered by new security features of gcc4. Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	21804
published	2006-07-03
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21804
title	CentOS 3 : XFree86 (CESA-2005:331)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-92-1.NASL
description	Several vulnerabilities have been found in the XPM image decoding functions of the LessTif library. If an attacker tricked a user into loading a malicious XPM image with an application that uses LessTif, he could exploit this to execute arbitrary code in the context of the user opening the image. Ubuntu does not contain any server applications using LessTif, so there is no possibility of privilege escalation. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20718
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20718
title	Ubuntu 4.10 : lesstif1-1 vulnerabilities (USN-92-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-273.NASL
description	An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Furthermore, this updates the Fedora Core 3 X.org packages to the 6.8.2 maintenance release, which includes a large number of bug fixes : http://xorg.freedesktop.org/wiki/X11R682Release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	19641
published	2005-09-12
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19641
title	Fedora Core 3 : xorg-x11-6.8.2-1.FC3.13 (2005-273)

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_119063-01.NASL
description	SunOS 5.10: libXpm patch. Date this patch was last updated by Sun : May/12/05
last seen	2020-06-01
modified	2020-06-02
plugin id	107305
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107305
title	Solaris 10 (sparc) : 119063-01

NASL family	Solaris Local Security Checks
NASL id	SOLARIS10_X86_119064-01.NASL
description	SunOS 5.10_x86: libXpm patch. Date this patch was last updated by Sun : May/12/05
last seen	2020-06-01
modified	2020-06-02
plugin id	107807
published	2018-03-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/107807
title	Solaris 10 (x86) : 119064-01

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-473.NASL
description	Updated lesstif packages that fix flaws in the Xpm library are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having Moderate security impact by the Red Hat Security Response Team. LessTif provides libraries which implement the Motif industry standard graphical user interface. An integer overflow flaw was found in libXpm; a vulnerable version of this library is found within LessTif. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to LessTif. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Users of LessTif should upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	18390
published	2005-05-28
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18390
title	RHEL 2.1 : lesstif (RHSA-2005:473)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-198.NASL
description	Updated xorg-x11 packages that fix a security issue as well as various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.Org X11 is the X Window System which provides the core functionality of the Linux GUI desktop. An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with libXpm to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Since the initial release of Red Hat Enterprise Linux 4, a number of issues have been addressed in the X.Org X11 X Window System. This erratum also updates X11R6.8 to the latest stable point release (6.8.2), which includes various stability and reliability fixes including (but not limited to) the following : - The
last seen	2020-06-01
modified	2020-06-02
plugin id	18443
published	2005-06-10
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18443
title	RHEL 4 : xorg-x11 (RHSA-2005:198)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-412.NASL
description	Updated openmotif packages that fix a flaw in the Xpm image library are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. An integer overflow flaw was found in libXpm, which is used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Users of OpenMotif are advised to upgrade to these erratum packages, which contains a backported security patch to the embedded libXpm library.
last seen	2020-06-01
modified	2020-06-02
plugin id	21820
published	2006-07-03
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21820
title	CentOS 3 / 4 : openmotif (CESA-2005:412)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-044.NASL
description	Updated XFree86 packages that fix a libXpm integer overflow flaw and a number of bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. XFree86 is an open source implementation of the X Window System. It provides the basic low level functionality which full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. XFree86 4.1.0 was not functional on systems that did not have a legacy keyboard controller (8042). During startup, the X server would attempt to update registers on the 8042 controller, but if that chip was not present, the X server would hang during startup. This new release has a workaround so that the access to those registers time out if they are not present. A bug in libXaw could cause applications to segfault on 64-bit systems under certain circumstances. This has been fixed with a patch backported from XFree86 4.3.0. Xlib contained a memory leak caused by double allocation, which has been fixed in XFree86 4.3.0 using backported patch. All users of XFree86 should upgrade to these updated packages, which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	17994
published	2005-04-07
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17994
title	RHEL 2.1 : XFree86 (RHSA-2005:044)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-080.NASL
description	The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. An integer overflow flaw was found in libXPM, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code via a negative bitmap_unit value if opened by a victim using an application linked to the vulnerable library. Updated packages are patched to correct all these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	18173
published	2005-05-02
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18173
title	Mandrake Linux Security Advisory : xpm (MDKSA-2005:080)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-331.NASL
description	Updated XFree86 packages that fix a libXpm integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. The updated XFree86 packages also address the following minor issues : - Updated XFree86-4.3.0-keyboard-disable-ioport-access-v3.patch to make warning messages less alarmist. - Backported XFree86-4.3.0-libX11-stack-overflow.patch from xorg-x11-6.8.1 packaging to fix stack overflow in libX11, which was discovered by new security features of gcc4. Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	17660
published	2005-03-30
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/17660
title	RHEL 3 : XFree86 (RHSA-2005:331)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0524.NASL
description	Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	43837
published	2010-01-10
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43837
title	RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-97-1.NASL
description	Chris Gilbert discovered a buffer overflow in the XPM library shipped with XFree86. If an attacker tricked a user into loading a malicious XPM image with an application that uses libxpm, he could exploit this to execute arbitrary code with the privileges of the user opening the image. These overflows do not allow privilege escalation through the X server; the overflows are in a client-side library. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20723
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20723
title	Ubuntu 4.10 : xfree86 vulnerability (USN-97-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-272.NASL
description	An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a malicious XPM file that would execute arbitrary code if opened by a victim using an application linked to the vulnerable library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	18328
published	2005-05-19
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18328
title	Fedora Core 2 : xorg-x11-6.7.0-14 (2005-272)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200503-08.NASL
description	The remote host is affected by the vulnerability described in GLSA-200503-08 (OpenMotif, LessTif: New libXpm buffer overflows) Chris Gilbert discovered potentially exploitable buffer overflow cases in libXpm that weren
last seen	2020-06-01
modified	2020-06-02
plugin id	17274
published	2005-03-06
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/17274
title	GLSA-200503-08 : OpenMotif, LessTif: New libXpm buffer overflows

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-723.NASL
description	A buffer overflow has been discovered in the Xpm library which is used in XFree86. A remote attacker could provide a specially crafted XPM image that could lead to the execution of arbitrary code.
last seen	2020-06-01
modified	2020-06-02
plugin id	18227
published	2005-05-11
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18227
title	Debian DSA-723-1 : xfree86 - buffer overflow

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-412.NASL
description	Updated openmotif packages that fix a flaw in the Xpm image library are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. An integer overflow flaw was found in libXpm, which is used to decode XPM (X PixMap) images. A vulnerable version of this library was found within OpenMotif. An attacker could create a carefully crafted XPM file which would cause an application to crash or potentially execute arbitrary code if opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Users of OpenMotif are advised to upgrade to these erratum packages, which contains a backported security patch to the embedded libXpm library.
last seen	2020-06-01
modified	2020-06-02
plugin id	18253
published	2005-05-12
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/18253
title	RHEL 2.1 / 3 / 4 : openmotif (RHSA-2005:412)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-198.NASL
description	Updated xorg-x11 packages that fix a security issue as well as various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.Org X11 is the X Window System which provides the core functionality of the Linux GUI desktop. An integer overflow flaw was found in libXpm, which is used by some applications for loading of XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with libXpm to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0605 to this issue. Since the initial release of Red Hat Enterprise Linux 4, a number of issues have been addressed in the X.Org X11 X Window System. This erratum also updates X11R6.8 to the latest stable point release (6.8.2), which includes various stability and reliability fixes including (but not limited to) the following : - The
last seen	2020-06-01
modified	2020-06-02
plugin id	21921
published	2006-07-05
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21921
title	CentOS 4 : xorg-x11 (CESA-2005:198)

Oval

accepted

2013-04-29T04:05:25.886-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

family

unix

oval:org.mitre.oval:def:10411

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

version

Redhat

advisories

rhsa
id RHSA-2005:044
rhsa
id RHSA-2005:198
rhsa
id RHSA-2005:331
rhsa
id RHSA-2005:412
rhsa
id RHSA-2005:473
rhsa
id RHSA-2008:0261

rpms

fonts-xorg-100dpi-0:6.8.1.1-1.EL.1
fonts-xorg-75dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-14-100dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-14-75dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-15-100dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-15-75dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-2-100dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-2-75dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-9-100dpi-0:6.8.1.1-1.EL.1
fonts-xorg-ISO8859-9-75dpi-0:6.8.1.1-1.EL.1
fonts-xorg-base-0:6.8.1.1-1.EL.1
fonts-xorg-cyrillic-0:6.8.1.1-1.EL.1
fonts-xorg-syriac-0:6.8.1.1-1.EL.1
fonts-xorg-truetype-0:6.8.1.1-1.EL.1
xorg-x11-0:6.8.2-1.EL.13.6
xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.6
xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.6
xorg-x11-Xdmx-0:6.8.2-1.EL.13.6
xorg-x11-Xnest-0:6.8.2-1.EL.13.6
xorg-x11-Xvfb-0:6.8.2-1.EL.13.6
xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.6
xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.6
xorg-x11-devel-0:6.8.2-1.EL.13.6
xorg-x11-doc-0:6.8.2-1.EL.13.6
xorg-x11-font-utils-0:6.8.2-1.EL.13.6
xorg-x11-libs-0:6.8.2-1.EL.13.6
xorg-x11-sdk-0:6.8.2-1.EL.13.6
xorg-x11-tools-0:6.8.2-1.EL.13.6
xorg-x11-twm-0:6.8.2-1.EL.13.6
xorg-x11-xauth-0:6.8.2-1.EL.13.6
xorg-x11-xdm-0:6.8.2-1.EL.13.6
xorg-x11-xfs-0:6.8.2-1.EL.13.6
XFree86-0:4.3.0-81.EL
XFree86-100dpi-fonts-0:4.3.0-81.EL
XFree86-75dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-81.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-81.EL
XFree86-Mesa-libGL-0:4.3.0-81.EL
XFree86-Mesa-libGLU-0:4.3.0-81.EL
XFree86-Xnest-0:4.3.0-81.EL
XFree86-Xvfb-0:4.3.0-81.EL
XFree86-base-fonts-0:4.3.0-81.EL
XFree86-cyrillic-fonts-0:4.3.0-81.EL
XFree86-devel-0:4.3.0-81.EL
XFree86-doc-0:4.3.0-81.EL
XFree86-font-utils-0:4.3.0-81.EL
XFree86-libs-0:4.3.0-81.EL
XFree86-libs-data-0:4.3.0-81.EL
XFree86-sdk-0:4.3.0-81.EL
XFree86-syriac-fonts-0:4.3.0-81.EL
XFree86-tools-0:4.3.0-81.EL
XFree86-truetype-fonts-0:4.3.0-81.EL
XFree86-twm-0:4.3.0-81.EL
XFree86-xauth-0:4.3.0-81.EL
XFree86-xdm-0:4.3.0-81.EL
XFree86-xfs-0:4.3.0-81.EL
openmotif-0:2.2.3-5.RHEL3.2
openmotif-0:2.2.3-9.RHEL4.1
openmotif-debuginfo-0:2.2.3-5.RHEL3.2
openmotif-debuginfo-0:2.2.3-9.RHEL4.1
openmotif-devel-0:2.2.3-5.RHEL3.2
openmotif-devel-0:2.2.3-9.RHEL4.1
openmotif21-0:2.1.30-11.RHEL4.4
openmotif21-0:2.1.30-9.RHEL3.6
openmotif21-debuginfo-0:2.1.30-11.RHEL4.4
openmotif21-debuginfo-0:2.1.30-9.RHEL3.6
jabberd-0:2.0s10-3.38.rhn
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
jfreechart-0:0.9.20-3.rhn
openmotif21-0:2.1.30-11.RHEL4.6
openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
perl-Crypt-CBC-0:2.24-1.el4
rhn-apache-0:1.3.27-36.rhn.rhel4
rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
rhn-modperl-0:1.29-16.rhel4
rhn-modssl-0:2.8.12-8.rhn.10.rhel4
tomcat5-0:5.0.30-0jpp_10rh
jabberd-0:2.0s10-3.37.rhn
jabberd-0:2.0s10-3.38.rhn
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
jfreechart-0:0.9.20-3.rhn
openmotif21-0:2.1.30-11.RHEL4.6
openmotif21-0:2.1.30-9.RHEL3.8
openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
perl-Crypt-CBC-0:2.24-1.el3
perl-Crypt-CBC-0:2.24-1.el4
rhn-apache-0:1.3.27-36.rhn.rhel3
rhn-apache-0:1.3.27-36.rhn.rhel4
rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
rhn-modperl-0:1.29-16.rhel3
rhn-modperl-0:1.29-16.rhel4
rhn-modssl-0:2.8.12-8.rhn.10.rhel3
rhn-modssl-0:2.8.12-8.rhn.10.rhel4
tomcat5-0:5.0.30-0jpp_10rh

Statements

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Statements

References