Vulnerabilities > CVE-2005-2495 - Numeric Errors vulnerability in Xfree86 Project Xfree86
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119060 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22985 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22985 title Solaris 10 (x86) : 119060-72 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2018/03/12. Deprecated and either replaced by # individual patch-revision plugins, or has been deemed a # non-security advisory. # include("compat.inc"); if (description) { script_id(22985); script_version("1.54"); script_cvs_date("Date: 2018/07/30 13:40:15"); script_cve_id("CVE-2005-2495", "CVE-2005-3099", "CVE-2006-3467", "CVE-2006-3739", "CVE-2007-1667", "CVE-2007-4070", "CVE-2008-5684"); script_name(english:"Solaris 10 (x86) : 119060-72 (deprecated)"); script_summary(english:"Check for patch 119060-72"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119060 patch-revision plugins, or deemed non-security related." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119060-72" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"patch_publication_date", value:"2017/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } exit(0, "This plugin has been deprecated. Consult specific patch-revision plugins for patch 119060 instead.");NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_32965.NASL description s700_800 11.00 Xserver cumulative patch : A potential security vulnerability has been identified in the Xserver running on HP-UX. The vulnerability could be exploited by a local user to execute arbitrary code with the privileges of the Xserver. last seen 2020-06-01 modified 2020-06-02 plugin id 22178 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22178 title HP-UX PHSS_32965 : HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation (HPSBUX02137 SSRT051024 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_32965. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(22178); script_version("1.12"); script_cvs_date("Date: 2018/08/10 18:07:07"); script_cve_id("CVE-2005-2495"); script_xref(name:"HP", value:"emr_na-c00732238"); script_xref(name:"HP", value:"HPSBUX02137"); script_xref(name:"HP", value:"SSRT051024"); script_name(english:"HP-UX PHSS_32965 : HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation (HPSBUX02137 SSRT051024 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.00 Xserver cumulative patch : A potential security vulnerability has been identified in the Xserver running on HP-UX. The vulnerability could be exploited by a local user to execute arbitrary code with the privileges of the Xserver." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00732238 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6e99a9a6" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_32965 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/08"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.00")) { exit(0, "The host is not affected since PHSS_32965 applies to a different OS release."); } patches = make_list("PHSS_32965", "PHSS_32970"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"Xserver.AGRM", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.DDX-ADVANCED", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.DDX-ENTRY", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.DDX-LOAD", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.DDX-SAM", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.DDX-SLS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.DDX-UTILS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.X11-SERV", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.X11-SERV-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DBE", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DBE-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DPMS", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DPMS-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-HPCR", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-HPCR-MAN", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-MBX", version:"B.11.00")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-RECORD", version:"B.11.00")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-70.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/12/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107805 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107805 title Solaris 10 (x86) : 119060-70 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107805); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2005-2495", "CVE-2005-3099", "CVE-2006-3467", "CVE-2006-3739", "CVE-2007-1667", "CVE-2007-4070", "CVE-2008-5684"); script_name(english:"Solaris 10 (x86) : 119060-70"); script_summary(english:"Check for patch 119060-70"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119060-70" ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/12/15" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119060-70" ); script_set_attribute(attribute:"solution", value:"Install patch 119060-70 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2007-1667"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119060"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:121869"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxorg-client-docs", version:"6.8.2.5.10.0110,REV=0.2005.06.21") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwacx", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwfnt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwfs", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwice", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwinc", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwman", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwopt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwplr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwplt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwpmn", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwrtl", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwsrv", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-70", obsoleted_by:"", package:"SUNWxwxst", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWxorg-client-docs / SUNWxwacx / SUNWxwfnt / SUNWxwfs / SUNWxwice / etc"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060_45.NASL description X11 6.6.2_x86: Xsun patch. This patch addresses IAVT 2009-T-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 82537 published 2015-04-02 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82537 title Solaris 10 (x86) : 119060-45 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(82537); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:24"); script_cve_id( "CVE-2005-2495", "CVE-2005-3099", "CVE-2006-3467", "CVE-2006-3739", "CVE-2007-1667", "CVE-2007-4070", "CVE-2008-5684" ); script_bugtraq_id( 14807, 18034, 19974, 23300, 32807 ); script_name(english:"Solaris 10 (x86) : 119060-45"); script_summary(english:"Checks for patch 119060-45"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun security patch number 119060-45." ); script_set_attribute( attribute:"description", value: "X11 6.6.2_x86: Xsun patch. This patch addresses IAVT 2009-T-0001." ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119060-45" ); script_set_attribute( attribute:"solution", value:"You should install this patch for your system to be up-to-date." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2008/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwsrv", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwplr", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwrtl", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwice", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwfs", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwxst", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwinc", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwfnt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwpmn", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxorg-client-docs", version:"6.8.2.5.10.0110,REV=0.2005.06.21") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwplt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwopt", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwacx", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119060-45", obsoleted_by:"", package:"SUNWxwman", version:"6.6.2.7400,REV=0.2004.12.15") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report()); else security_hole(0); exit(0); } audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-501.NASL description Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Several integer overflow bugs were found in the way XFree86 parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Additionally this update adds the following new features in this release: - Support for ATI RN50/ES1000 chipsets has been added. The following bugs were also fixed in this release: - A problem with the X server last seen 2020-06-01 modified 2020-06-02 plugin id 21833 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21833 title CentOS 3 : XFree86 (CESA-2005:501) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:501 and # CentOS Errata and Security Advisory 2005:501 respectively. # include("compat.inc"); if (description) { script_id(21833); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:02"); script_cve_id("CVE-2005-2495"); script_xref(name:"RHSA", value:"2005:501"); script_name(english:"CentOS 3 : XFree86 (CESA-2005:501)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Several integer overflow bugs were found in the way XFree86 parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Additionally this update adds the following new features in this release: - Support for ATI RN50/ES1000 chipsets has been added. The following bugs were also fixed in this release: - A problem with the X server's module loading system that led to cache incoherency on the Itanium architecture. - The X server's PCI config space accesses caused contention with the kernel if accesses occurred while the kernel lock was held. - X font server (xfs) crashed when accessing Type 1 fonts via showfont. - A problem with the X transport library prevented X applications from starting if the hostname started with a digit. - An issue where refresh rates were being restricted to 60Hz on some Intel i8xx systems Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue." ); # https://lists.centos.org/pipermail/centos-announce/2005-September/012169.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?79868c45" ); # https://lists.centos.org/pipermail/centos-announce/2005-September/012170.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4b4b34ee" ); # https://lists.centos.org/pipermail/centos-announce/2005-September/012171.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?564fb77d" ); script_set_attribute( attribute:"solution", value:"Update the affected xfree86 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-base-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-syriac-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-truetype-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/15"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"XFree86-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-100dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-75dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Mesa-libGL-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Mesa-libGLU-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Xnest-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Xvfb-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-base-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-cyrillic-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-devel-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-doc-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-font-utils-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-libs-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-libs-data-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-sdk-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-syriac-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-tools-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-truetype-fonts-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-twm-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-xauth-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-xdm-4.3.0-95.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-xfs-4.3.0-95.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-74.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/04/19 last seen 2020-06-01 modified 2020-06-02 plugin id 130508 published 2019-11-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130508 title Solaris 10 (sparc) : 119059-74 NASL family Fedora Local Security Checks NASL id FEDORA_2005-893.NASL description Updated xorg-x11 packages that fix several integer overflows, various bugs, are now available for Fedora Core 3. X.Org X11 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Several integer overflow bugs were found in the way X.Org X11 code parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Additionally, this update contains : - Support for some newer models of Intel i945 video chipsets. - A change to the X server to make it use linux PCI config space access methods instead of directly touching the PCI config space registers itself. This prevents the X server from causing hardware lockups due accessing PCI config space at the same time the kernel has it locked. This is the latest revision of the PCI config space access patches, which fix a few regressions discovered on some hardware with previous patches. - A fix for a memory leak in the X server last seen 2020-06-01 modified 2020-06-02 plugin id 19739 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19739 title Fedora Core 3 : xorg-x11-6.8.2-1.FC3.45 (2005-893) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-64.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Sep/12/13 last seen 2020-06-01 modified 2020-06-02 plugin id 107801 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107801 title Solaris 10 (x86) : 119060-64 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-07.NASL description The remote host is affected by the vulnerability described in GLSA-200509-07 (X.Org: Heap overflow in pixmap allocation) X.Org is missing an integer overflow check during pixmap memory allocation. Impact : An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19686 published 2005-09-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19686 title GLSA-200509-07 : X.Org: Heap overflow in pixmap allocation NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_32966.NASL description s700_800 11.11 Xserver cumulative patch : A potential security vulnerability has been identified in the Xserver running on HP-UX. The vulnerability could be exploited by a local user to execute arbitrary code with the privileges of the Xserver. last seen 2020-06-01 modified 2020-06-02 plugin id 22179 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22179 title HP-UX PHSS_32966 : HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation (HPSBUX02137 SSRT051024 rev.1) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_32960.NASL description s700_800 11.23 Xserver cumulative patch : A potential security vulnerability has been identified in the Xserver running on HP-UX. The vulnerability could be exploited by a local user to execute arbitrary code with the privileges of the Xserver. last seen 2020-06-01 modified 2020-06-02 plugin id 22177 published 2006-08-08 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22177 title HP-UX PHSS_32960 : HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation (HPSBUX02137 SSRT051024 rev.1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-269-02.NASL description New X.Org server packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue. An integer overflow in the pixmap handling code may allow the execution of arbitrary code through a specially crafted pixmap. Slackware 10.2 was patched against this vulnerability before its release, but new server packages are being issued for Slackware 10.2 and -current using an improved patch, as there were some bug reports using certain programs. last seen 2020-06-01 modified 2020-06-02 plugin id 19867 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19867 title Slackware 10.0 / 10.1 / 10.2 / current : X.Org pixmap overflow (SSA:2005-269-02) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_118908.NASL description X11 6.7.0_x86: Xorg patch. Date this patch was last updated by Sun : Sep/23/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23609 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23609 title Solaris 9 (x86) : 118908-06 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-65.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Sep/12/13 last seen 2020-06-01 modified 2020-06-02 plugin id 107299 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107299 title Solaris 10 (sparc) : 119059-65 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-164.NASL description A vulnerability was discovered in the pixmap allocation handling of the X server that can lead to local privilege escalation. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap, leading to a buffer overflow which could then be exploited to execute arbitrary code with full root privileges. The updated packages have been patched to address these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19919 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19919 title Mandrake Linux Security Advisory : XFree86 (MDKSA-2005:164) NASL family Solaris Local Security Checks NASL id SOLARIS8_108652.NASL description X11 6.4.1: Xsun patch. Date this patch was last updated by Sun : May/04/06 last seen 2016-09-26 modified 2011-09-18 plugin id 23300 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23300 title Solaris 8 (sparc) : 108652-98 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-66.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Mar/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107300 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107300 title Solaris 10 (sparc) : 119059-66 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-72.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Mar/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107304 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107304 title Solaris 10 (sparc) : 119059-72 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-73.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/04/19 last seen 2020-06-01 modified 2020-06-02 plugin id 130510 published 2019-11-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130510 title Solaris 10 (x86) : 119060-73 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-396.NASL description Updated X.org packages that fix several integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. Several integer overflow bugs were found in the way X.org parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21934 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21934 title CentOS 4 : xorg-x11 (CESA-2005:396) NASL family Solaris Local Security Checks NASL id SOLARIS10_119059_46.NASL description X11 6.6.2: Xsun patch. This patch addresses IAVT 2009-T-0001. last seen 2020-06-01 modified 2020-06-02 plugin id 82536 published 2015-04-02 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82536 title Solaris 10 (sparc) : 119059-46 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A863AA7424BE11DA8882000E0C33C2DC.NASL description Allocating large pixmaps by a client can trigger an integer overflow in the X server, potentially leading to execution of arbitrary code with elevated (root) privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 21490 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21490 title FreeBSD : X11 server -- pixmap allocation vulnerability (a863aa74-24be-11da-8882-000e0c33c2dc) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-329.NASL description Updated XFree86 packages that fix several integer overflows are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. Several integer overflow bugs were found in the way XFree86 parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 19688 published 2005-09-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19688 title RHEL 2.1 : XFree86 (RHSA-2005:329) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-501.NASL description Updated XFree86 packages that fix several integer overflows, various bugs, and add ATI RN50/ES1000 support are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Several integer overflow bugs were found in the way XFree86 parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Additionally this update adds the following new features in this release: - Support for ATI RN50/ES1000 chipsets has been added. The following bugs were also fixed in this release: - A problem with the X server last seen 2020-06-01 modified 2020-06-02 plugin id 19712 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19712 title RHEL 3 : XFree86 (RHSA-2005:501) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-69.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107804 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107804 title Solaris 10 (x86) : 119060-69 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-68.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Nov/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107803 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107803 title Solaris 10 (x86) : 119060-68 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-65.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Mar/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107802 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107802 title Solaris 10 (x86) : 119060-65 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-396.NASL description Updated X.org packages that fix several integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon. Several integer overflow bugs were found in the way X.org parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 19691 published 2005-09-14 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19691 title RHEL 4 : xorg-x11 (RHSA-2005:396) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_118966.NASL description X11 6.8.0_x86: Xorg patch. Date this patch was last updated by Sun : Feb/23/07 last seen 2018-09-01 modified 2018-08-13 plugin id 22984 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22984 title Solaris 10 (x86) : 118966-25 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-816.NASL description Soren Sandmann discovered a bug in memory allocation for pixmap images, that can cause a crash of the X server or to execute arbitrary code. The update for the old stable distribution (woody) also contains a different correction for multiple vulnerabilities in libXpm ( DSA 607, CAN-2004-0914, Bug#309143), since the old fix contained a regression. last seen 2020-06-01 modified 2020-06-02 plugin id 19785 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19785 title Debian DSA-816-1 : xfree86 - integer overflow NASL family Solaris Local Security Checks NASL id SOLARIS10_119059.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 119059 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 22952 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22952 title Solaris 10 (sparc) : 119059-73 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119060-71.NASL description X11 6.6.2_x86: Xsun patch. Date this patch was last updated by Sun : Mar/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107806 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107806 title Solaris 10 (x86) : 119060-71 NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-69.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107301 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107301 title Solaris 10 (sparc) : 119059-69 NASL family Fedora Local Security Checks NASL id FEDORA_2005-894.NASL description Updated xorg-x11 packages that fix several integer overflows, various bugs, are now available for Fedora Core 4. X.Org X11 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Several integer overflow bugs were found in the way X.Org X11 code parses pixmap images. It is possible for a user to gain elevated privileges by loading a specially crafted pixmap image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2495 to this issue. Additionally, this update contains : - Support for some newer models of Intel i945 video chipsets. - A fix for a regression caused in the last Xorg update for Fedora Core 4, which resulted in some Matrox hardware to fail to initialize properly, which was introduced in the PCI config space access bugfix from the previous xorg-x11 update. The PCI config code has been updated now to handle BIOS related quirks of this nature, so this fix may also benefit users of some other brands of video hardware as well. - A fix for a memory leak in the X server last seen 2020-06-01 modified 2020-06-02 plugin id 19740 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19740 title Fedora Core 4 : xorg-x11-6.8.2-37.FC4.48.1 (2005-894) NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-71.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Nov/12/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107303 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107303 title Solaris 10 (sparc) : 119059-71 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-182-1.NASL description A local privilege escalation vulnerability has been discovered in the pixmap allocation handling of the X server. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap. This resulted in a buffer overflow which could eventually be exploited to execute arbitrary code with full root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20593 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20593 title Ubuntu 4.10 / 5.04 : xorg, xfree86 vulnerabilities (USN-182-1) NASL family Solaris Local Security Checks NASL id SOLARIS10_119059-70.NASL description X11 6.6.2: Xsun patch. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107302 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107302 title Solaris 10 (sparc) : 119059-70
Oval
accepted 2006-05-03T10:06:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. family unix id oval:org.mitre.oval:def:1044 status accepted submitted 2006-02-12T01:16:00.000-04:00 title Solaris Xsun Privilege Escalation via Pixmaps Vulnerability version 36 accepted 2013-04-29T04:20:42.488-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
description Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. family unix id oval:org.mitre.oval:def:9615 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. version 26 accepted 2006-05-03T10:06:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. family unix id oval:org.mitre.oval:def:998 status accepted submitted 2006-02-12T01:16:00.000-04:00 title Solaris Xorg Privilege Escalation via Pixmaps Vulnerability version 35
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.22/SCOSA-2006.22.txt
- ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U
- http://marc.info/?l=bugtraq&m=112690609622266&w=2
- http://secunia.com/advisories/16777
- http://secunia.com/advisories/16790
- http://secunia.com/advisories/17044
- http://secunia.com/advisories/17215
- http://secunia.com/advisories/17258
- http://secunia.com/advisories/17278
- http://secunia.com/advisories/19624
- http://secunia.com/advisories/19796
- http://secunia.com/advisories/21318
- http://securitytracker.com/id?1014887
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101926-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101953-1
- http://support.avaya.com/elmodocs2/security/ASA-2005-218.pdf
- http://support.avaya.com/elmodocs2/security/ASA-2005-226.pdf
- http://www.debian.org/security/2005/dsa-816
- http://www.gentoo.org/security/en/glsa/glsa-200509-07.xml
- http://www.kb.cert.org/vuls/id/102441
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:164
- http://www.novell.com/linux/security/advisories/2005_23_sr.html
- http://www.novell.com/linux/security/advisories/2005_56_xserver.html
- http://www.osvdb.org/19352
- http://www.redhat.com/support/errata/RHSA-2005-329.html
- http://www.redhat.com/support/errata/RHSA-2005-396.html
- http://www.redhat.com/support/errata/RHSA-2005-501.html
- http://www.securityfocus.com/advisories/9285
- http://www.securityfocus.com/advisories/9286
- http://www.securityfocus.com/archive/1/427045/100/0/threaded
- http://www.securityfocus.com/archive/1/442163/100/0/threaded
- http://www.securityfocus.com/bid/14807
- http://www.vupen.com/english/advisories/2006/3140
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22244
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9615
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A998
- https://www.ubuntu.com/usn/usn-182-1/