Vulnerabilities > CVE-2006-1526 - Buffer Overflow vulnerability in X.Org XRender Extension
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-081.NASL description A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. Update : Rafael Bermudez noticed that the patch for 2006 was mis-applied. This update resolves that issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21356 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21356 title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:081-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:081. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(21356); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-1526"); script_xref(name:"MDKSA", value:"2006:081-1"); script_name(english:"Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:081-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. Update : Rafael Bermudez noticed that the patch for 2006 was mis-applied. This update resolves that issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:X11R6-contrib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xorg-x11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xorg-x11-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxorg-x11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxorg-x11-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xprt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-glide-module"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"X11R6-contrib-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xorg-x11-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xorg-x11-devel-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64xorg-x11-static-devel-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxorg-x11-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxorg-x11-devel-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libxorg-x11-static-devel-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-Xdmx-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-Xnest-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-Xprt-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-Xvfb-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-doc-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-glide-module-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-server-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-xauth-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"xorg-x11-xfs-6.9.0-5.6.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-123-01.NASL description New xorg and xorg-devel packages are available for Slackware 10.1, 10.2, and -current to fix a security issue. A typo in the X render extension in X.Org 6.8.0 or later allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is last seen 2020-06-01 modified 2020-06-02 plugin id 21342 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21342 title Slackware 10.1 / 10.2 / current : xorg server overflow (SSA:2006-123-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2006-123-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(21342); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2006-1526"); script_xref(name:"SSA", value:"2006-123-01"); script_name(english:"Slackware 10.1 / 10.2 / current : xorg server overflow (SSA:2006-123-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New xorg and xorg-devel packages are available for Slackware 10.1, 10.2, and -current to fix a security issue. A typo in the X render extension in X.Org 6.8.0 or later allows an X client to crash the server and possibly to execute arbitrary code as the X server user (typically this is 'root'.)" ); # http://lists.freedesktop.org/archives/xorg/2006-May/015136.html script_set_attribute( attribute:"see_also", value:"https://lists.freedesktop.org/archives/xorg/2006-May/015136.html" ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.437110 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1439b67a" ); script_set_attribute( attribute:"solution", value:"Update the affected x11 and / or x11-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:x11-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"10.1", pkgname:"x11", pkgver:"6.8.1", pkgarch:"i486", pkgnum:"5")) flag++; if (slackware_check(osver:"10.1", pkgname:"x11-devel", pkgver:"6.8.1", pkgarch:"i486", pkgnum:"5")) flag++; if (slackware_check(osver:"10.2", pkgname:"x11", pkgver:"6.8.2", pkgarch:"i486", pkgnum:"5")) flag++; if (slackware_check(osver:"10.2", pkgname:"x11-devel", pkgver:"6.8.2", pkgarch:"i486", pkgnum:"5")) flag++; if (slackware_check(osver:"current", pkgname:"x11", pkgver:"6.9.0", pkgarch:"i486", pkgnum:"4")) flag++; if (slackware_check(osver:"current", pkgname:"x11-devel", pkgver:"6.9.0", pkgarch:"i486", pkgnum:"4")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:slackware_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2007-036.NASL description - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101. - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5 - Standardize on using lowercase last seen 2020-06-01 modified 2020-06-02 plugin id 24192 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24192 title Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.6 (2007-036) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-036. # include("compat.inc"); if (description) { script_id(24192); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_xref(name:"FEDORA", value:"2007-036"); script_name(english:"Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.6 (2007-036)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101. - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5 - Standardize on using lowercase 'fcN' in Release field to denote the OS release the package is being built for in all erratum from now on, as this is the official Fedora packaging guideline recommended way that the new 'dist' tag uses: http://fedoraproject.org/wiki/DistTag. (#197266) - Remove various rpm spec file macros from the changelog which were inadvertently added over time. (#197281) - Mon Jun 26 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.FC5.4 - Updated build dependency to require mesa-source-6.4.2-6.FC5.3 minimum for DRI enabled builds to fix numerous bug reports on x86_64 including (#190245, 185929,187603,185727,189730) - Added xorg-x11-server-1.0.1-setuid.diff to fix setuid bug (#196126) - Bump xtrans dependency to '>= 1.0.0-3.2.FC5.0' for setuid fix in xtrans. - Added 'BuildRequires: freetype-devel >= 2.1.9-1, zlib-devel' so that the package will build now in brew/mock for erratum. - Fri May 19 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.FC5.3 - Enable alpha, sparc, sparc64 architectures to be buildable (untested, but feel free to submit patches in bugzilla if it does not work right) - Add missing SBUS header for sparc architecture (#187357) - Fri May 5 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.2 - Merge xorg-x11-server-1.0.1-render-tris-CVE-2006-1526.patch security fix from 1.0.1-9.fc5.1.1 release from embargoed branch of CVS to FC-5 branch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://fedoraproject.org/wiki/DistTag. script_set_attribute( attribute:"see_also", value:"https://fedoraproject.org/wiki/DistTag." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-January/001225.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7499b334" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xdmx-1.0.1-9.fc5.6")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xnest-1.0.1-9.fc5.6")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xorg-1.0.1-9.fc5.6")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xvfb-1.0.1-9.fc5.6")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-debuginfo-1.0.1-9.fc5.6")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-sdk-1.0.1-9.fc5.6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xnest / xorg-x11-server-Xorg / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-280-1.NASL description The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21374 published 2006-05-13 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21374 title Ubuntu 5.04 / 5.10 : xorg vulnerability (USN-280-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-280-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(21374); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2006-1526"); script_xref(name:"USN", value:"280-1"); script_name(english:"Ubuntu 5.04 / 5.10 : xorg vulnerability (USN-280-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lbxproxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdmx-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdmx1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdmx1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdps-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdps1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdps1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfs-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfs6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfs6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libice-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libice6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libice6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsm-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsm6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsm6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx11-6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx11-6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx11-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxau-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxau6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxau6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw6-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw7-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw7-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw8-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxaw8-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxcomposite-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxcomposite1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxcomposite1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxdamage-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxdamage1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxdamage1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxdmcp-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxdmcp6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxdmcp6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxevie-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxevie1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxevie1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxext-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxext6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxext6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfixes-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfixes3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfixes3-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxi-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxi6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxi6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxinerama-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxinerama1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxinerama1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxkbfile-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxkbfile1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxkbfile1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxkbui-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxkbui1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxkbui1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmu-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmu6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmu6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmuu-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmuu1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmuu1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxp-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxp6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxp6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxpm-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxpm4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxpm4-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxrandr-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxrandr2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxrandr2-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxres-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxres1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxres1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxss-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxss1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxss1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxt-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxt6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxt6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxtrap-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxtrap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxtrap6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxtst-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxtst6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxtst6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxv-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxv1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxv1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxvmc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxvmc1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxvmc1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86dga-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86dga1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86dga1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86misc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86misc1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86misc1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86rush-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86rush1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86rush1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86vm-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86vm1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxxf86vm1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:pm-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:proxymngr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:x-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:x-window-system"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:x-window-system-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:x-window-system-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xbase-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-100dpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-100dpi-transcoded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-75dpi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-75dpi-transcoded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-base-transcoded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-cyrillic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfonts-scalable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfree86-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xfwp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-dri"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-dri-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-gl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-gl-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-gl-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-glu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-glu-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa-glu-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibmesa3-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibosmesa-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibosmesa4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibosmesa4-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs-pic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs-static-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xlibs-static-pic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xmh"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xorg-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-apm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-ark"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-ati"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-chips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-cirrus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-cyrix"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-dummy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-fbdev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-glide"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-glint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-i128"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-i740"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-i810"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-imstt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-mga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-neomagic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-newport"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-nsc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-nv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-rendition"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-s3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-s3virge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-savage"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-siliconmotion"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-sis"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-tdfx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-tga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-trident"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-tseng"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-v4l"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-vesa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-vga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-via"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-vmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-acecad"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-aiptek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-calcomp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-citron"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-digitaledge"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-dmc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-dynapro"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-elographics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-fpit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-hyperpen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-kbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-magellan"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-microtouch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-mouse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-mutouch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-palmax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-penmount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-spaceorb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-summa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-tek4957"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-void"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-wacom"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xspecs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xterm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xvfb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"lbxproxy", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdmx-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdmx1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdmx1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdps-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdps1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdps1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libfs-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libfs6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libfs6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libice-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libice6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libice6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libsm-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libsm6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libsm6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libx11-6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libx11-6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libx11-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxau-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxau6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxau6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw6-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw7", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw7-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw7-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw8", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw8-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxaw8-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxcomposite-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxcomposite1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxcomposite1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxdamage-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxdamage1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxdamage1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxdmcp-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxdmcp6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxdmcp6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxevie-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxevie1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxevie1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxext-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxext6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxext6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxfixes-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxfixes3", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxfixes3-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxi-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxi6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxi6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxinerama-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxinerama1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxinerama1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxkbfile-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxkbfile1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxkbfile1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxkbui-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxkbui1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxkbui1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmu-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmu6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmu6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmuu-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmuu1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmuu1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxp-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxp6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxp6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxpm-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxpm4", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxpm4-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxrandr-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxrandr2", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxrandr2-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxres-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxres1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxres1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxss-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxss1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxss1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxt-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxt6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxt6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxtrap-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxtrap6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxtrap6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxtst-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxtst6", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxtst6-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxv-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxv1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxv1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxvmc-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxvmc1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxvmc1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86dga-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86dga1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86dga1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86misc-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86misc1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86misc1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86rush-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86rush1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86rush1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86vm-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86vm1", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxxf86vm1-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"pm-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"proxymngr", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"twm", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"x-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"x-window-system", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"x-window-system-core", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"x-window-system-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xbase-clients", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xdm", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xdmx", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-100dpi", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-100dpi-transcoded", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-75dpi", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-75dpi-transcoded", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-base", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-base-transcoded", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-cyrillic", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfonts-scalable", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfree86-common", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfs", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xfwp", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-dri", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-dri-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-gl", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-gl-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-gl-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-glu", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-glu-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa-glu-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa3", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibmesa3-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibosmesa-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibosmesa4", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibosmesa4-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs-data", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs-pic", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs-static-dev", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xlibs-static-pic", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xmh", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xnest", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xorg-common", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xprt", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xserver-common", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xserver-xorg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xserver-xorg-dbg", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xspecs", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xterm", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xutils", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"xvfb", pkgver:"6.8.2-10.2")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"x-window-system-core", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"x-window-system-dev", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xbase-clients", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xdmx", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xlibs", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xlibs-data", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xlibs-dev", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xlibs-static-dev", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xlibs-static-pic", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xnest", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xorg-common", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-common", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-core", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-dbg", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-apm", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-ark", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-ati", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-chips", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-cirrus", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-cyrix", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-dummy", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-fbdev", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-glide", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-glint", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-i128", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-i740", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-i810", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-imstt", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-mga", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-neomagic", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-newport", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-nsc", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-nv", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-rendition", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-s3", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-s3virge", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-savage", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-siliconmotion", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-sis", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-tdfx", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-tga", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-trident", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-tseng", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-v4l", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-vesa", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-vga", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-via", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-driver-vmware", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-acecad", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-aiptek", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-calcomp", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-citron", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-digitaledge", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-dmc", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-dynapro", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-elographics", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-fpit", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-hyperpen", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-kbd", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-magellan", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-microtouch", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-mouse", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-mutouch", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-palmax", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-penmount", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-spaceorb", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-summa", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-tek4957", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-void", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xserver-xorg-input-wacom", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xutils", pkgver:"6.8.2-77.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"xvfb", pkgver:"6.8.2-77.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lbxproxy / libdmx-dev / libdmx1 / libdmx1-dbg / libdps-dev / etc"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0451.NASL description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces such as GNOME and KDE are designed upon. A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. This issue does not affect Red Hat Enterprise Linux 2.1 or 3. last seen 2020-06-01 modified 2020-06-02 plugin id 21996 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21996 title CentOS 4 : xorg-x11 (CESA-2006:0451) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0451 and # CentOS Errata and Security Advisory 2006:0451 respectively. # include("compat.inc"); if (description) { script_id(21996); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-1526"); script_xref(name:"RHSA", value:"2006:0451"); script_name(english:"CentOS 4 : xorg-x11 (CESA-2006:0451)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces such as GNOME and KDE are designed upon. A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. This issue does not affect Red Hat Enterprise Linux 2.1 or 3." ); # https://lists.centos.org/pipermail/centos-announce/2006-May/012885.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c5b31e81" ); # https://lists.centos.org/pipermail/centos-announce/2006-May/012888.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?be53d3f4" ); # https://lists.centos.org/pipermail/centos-announce/2006-May/012889.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?61ff2e2c" ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11 packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/02"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-devel-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-doc-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-libs-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-sdk-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-tools-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-twm-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.25.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2006-484.NASL description A buffer overflow in the X server RENDER extension implementation, documented in CVE-2006-1526 has been fixed in this release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24085 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24085 title Fedora Core 4 : xorg-x11-6.8.2-37.FC4.49.2.1 (2006-484) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-484. # include("compat.inc"); if (description) { script_id(24085); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2006-484"); script_name(english:"Fedora Core 4 : xorg-x11-6.8.2-37.FC4.49.2.1 (2006-484)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "A buffer overflow in the X server RENDER extension implementation, documented in CVE-2006-1526 has been fixed in this release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000006.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9c9b5339" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-deprecated-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-deprecated-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC4", reference:"xorg-x11-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-Mesa-libGL-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-Mesa-libGLU-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-Xdmx-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-Xnest-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-Xvfb-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-deprecated-libs-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-devel-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-doc-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-font-utils-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-libs-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-sdk-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-tools-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-twm-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-xauth-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-xdm-6.8.2-37.FC4.49.2.1")) flag++; if (rpm_check(release:"FC4", reference:"xorg-x11-xfs-6.8.2-37.FC4.49.2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0451.NASL description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces such as GNOME and KDE are designed upon. A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. This issue does not affect Red Hat Enterprise Linux 2.1 or 3. last seen 2020-06-01 modified 2020-06-02 plugin id 21367 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21367 title RHEL 4 : xorg-x11 (RHSA-2006:0451) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0451. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(21367); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2006-1526"); script_xref(name:"RHSA", value:"2006:0451"); script_name(english:"RHEL 4 : xorg-x11 (RHSA-2006:0451)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces such as GNOME and KDE are designed upon. A buffer overflow flaw in the X.org server RENDER extension was discovered. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-1526) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. This issue does not affect Red Hat Enterprise Linux 2.1 or 3." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-1526" ); # http://lists.freedesktop.org/archives/xorg/2006-May/015136.html script_set_attribute( attribute:"see_also", value:"https://lists.freedesktop.org/archives/xorg/2006-May/015136.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0451" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/02"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2006:0451"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"xorg-x11-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-devel-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"xorg-x11-doc-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"xorg-x11-doc-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-libs-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"xorg-x11-sdk-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"xorg-x11-sdk-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-tools-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-twm-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.25.1")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.25.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc"); } }NASL family Fedora Local Security Checks NASL id FEDORA_2006-483.NASL description A buffer overflow in the X server RENDER extension implementation, documented in CVE-2006-1526 has been fixed in this release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24084 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24084 title Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.1.1 (2006-483) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-483. # include("compat.inc"); if (description) { script_id(24084); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2006-483"); script_name(english:"Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.1.1 (2006-483)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "A buffer overflow in the X server RENDER extension implementation, documented in CVE-2006-1526 has been fixed in this release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-May/000005.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3731b5ee" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xdmx-1.0.1-9.fc5.1.1")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xnest-1.0.1-9.fc5.1.1")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xorg-1.0.1-9.fc5.1.1")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xvfb-1.0.1-9.fc5.1.1")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-debuginfo-1.0.1-9.fc5.1.1")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-sdk-1.0.1-9.fc5.1.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xnest / xorg-x11-server-Xorg / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2007-424.NASL description - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. - xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge fix from FC6. - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101. - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5 - Standardize on using lowercase last seen 2020-06-01 modified 2020-06-02 plugin id 25027 published 2007-04-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25027 title Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-424. # include("compat.inc"); if (description) { script_id(25027); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_xref(name:"FEDORA", value:"2007-424"); script_name(english:"Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. - xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge fix from FC6. - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101. - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5 - Standardize on using lowercase 'fcN' in Release field to denote the OS release the package is being built for in all erratum from now on, as this is the official Fedora packaging guideline recommended way that the new 'dist' tag uses: http://fedoraproject.org/wiki/DistTag. (#197266) - Remove various rpm spec file macros from the changelog which were inadvertently added over time. (#197281) - Mon Jun 26 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.FC5.4 - Updated build dependency to require mesa-source-6.4.2-6.FC5.3 minimum for DRI enabled builds to fix numerous bug reports on x86_64 including (#190245, 185929,187603,185727,189730) - Added xorg-x11-server-1.0.1-setuid.diff to fix setuid bug (#196126) - Bump xtrans dependency to '>= 1.0.0-3.2.FC5.0' for setuid fix in xtrans. - Added 'BuildRequires: freetype-devel >= 2.1.9-1, zlib-devel' so that the package will build now in brew/mock for erratum. - Fri May 19 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.FC5.3 - Enable alpha, sparc, sparc64 architectures to be buildable (untested, but feel free to submit patches in bugzilla if it does not work right) - Add missing SBUS header for sparc architecture (#187357) - Fri May 5 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.2 - Merge xorg-x11-server-1.0.1-render-tris-CVE-2006-1526.patch security fix from 1.0.1-9.fc5.1.1 release from embargoed branch of CVS to FC-5 branch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://fedoraproject.org/wiki/DistTag. script_set_attribute( attribute:"see_also", value:"https://fedoraproject.org/wiki/DistTag." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-April/001651.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?80a79938" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xdmx-1.0.1-9.fc5.7")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xnest-1.0.1-9.fc5.7")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xorg-1.0.1-9.fc5.7")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xvfb-1.0.1-9.fc5.7")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-debuginfo-1.0.1-9.fc5.7")) flag++; if (rpm_check(release:"FC5", reference:"xorg-x11-server-sdk-1.0.1-9.fc5.7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xnest / xorg-x11-server-Xorg / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200605-02.NASL description The remote host is affected by the vulnerability described in GLSA-200605-02 (X.Org: Buffer overflow in XRender extension) X.Org miscalculates the size of a buffer in the XRender extension. Impact : An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 21317 published 2006-05-03 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21317 title GLSA-200605-02 : X.Org: Buffer overflow in XRender extension
Oval
| accepted | 2013-04-29T04:23:24.304-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | " instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:9929 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. | ||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
- http://secunia.com/advisories/19900
- http://secunia.com/advisories/19915
- http://secunia.com/advisories/19916
- http://secunia.com/advisories/19921
- http://secunia.com/advisories/19943
- http://secunia.com/advisories/19951
- http://secunia.com/advisories/19956
- http://secunia.com/advisories/19983
- http://securitytracker.com/id?1016018
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1
- http://www.gentoo.org/security/en/glsa/glsa-200605-02.xml
- http://www.kb.cert.org/vuls/id/633257
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:081
- http://www.novell.com/linux/security/advisories/2006_05_03.html
- http://www.openbsd.org/errata38.html#xorg
- http://www.redhat.com/support/errata/RHSA-2006-0451.html
- http://www.securityfocus.com/archive/1/436327/100/0/threaded
- http://www.securityfocus.com/bid/17795
- http://www.trustix.org/errata/2006/0024
- http://www.vupen.com/english/advisories/2006/1617
- https://bugs.freedesktop.org/show_bug.cgi?id=6642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26200
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9929
- https://usn.ubuntu.com/280-1/