CVE-2006-6102 - Local Integer Overflow vulnerability in X.Org DBE And Render Extensions

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.

Vulnerable Configurations

Part         Description      Count
Application  X.Org            4
Application  Xfree86_Project  1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2007_008.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2007:008 (XFree86-server,xorg-x11-server,xloader). This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code. CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. CVE-2006-6102: Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. CVE-2006-6103: Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
    last seen: 2019-10-28
    modified: 2007-02-18
    plugin id: 24462
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24462
    title: SUSE-SA:2007:008: XFree86-server,xorg-x11-server,xloader
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:008
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(24462);
     script_version ("1.9");
     
     name["english"] = "SUSE-SA:2007:008: XFree86-server,xorg-x11-server,xloader";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2007:008 (XFree86-server,xorg-x11-server,xloader).
    
    
    This update fixes three memory corruptions within the X server which
    could be used by local attackers with access to this display to crash
    the X server and potentially execute code.
    
    CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function
    in the Render extension for X.Org 6.8.2, 6.9.0, 7.0,
    and 7.1, and XFree86 X server, allows local users to
    execute arbitrary code via a crafted X protocol request
    that triggers memory corruption during processing of
    glyph management data structures.
    
    CVE-2006-6102: Integer overflow in the ProcDbeGetVisualInfo function
    in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0,
    and 7.1, and XFree86 X server, allows local users to
    execute arbitrary code via a crafted X protocol request
    that triggers memory corruption during processing of
    unspecified data structures.
    
    CVE-2006-6103: Integer overflow in the ProcDbeSwapBuffers function in
    the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1,
    and XFree86 X server, allows local users to execute
    arbitrary code via a crafted X protocol request
    that triggers memory corruption during processing of
    unspecified data structures." );
     script_set_attribute(attribute:"solution", value:
    "http://www.novell.com/linux/security/advisories/2007_08_x.html" );
     script_set_attribute(attribute:"risk_factor", value:"High" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the XFree86-server,xorg-x11-server,xloader package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"xorg-x11-server-6.8.2-100.10", release:"SUSE10.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"xorg-x11-server-6.8.2-30.10", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0002.NASL
    description: From Red Hat Security Advisory 2007:0002 : Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67434
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67434
    title: Oracle Linux 3 : XFree86 (ELSA-2007-0002)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:0002 and 
    # Oracle Linux Security Advisory ELSA-2007-0002 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67434);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
      script_bugtraq_id(21968);
      script_xref(name:"RHSA", value:"2007:0002");
    
      script_name(english:"Oracle Linux 3 : XFree86 (ELSA-2007-0002)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:0002 :
    
    Updated XFree86 packages that fix a security issue are now available
    for Red Hat Enterprise Linux 2.1 and 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    XFree86 is an implementation of the X Window System, which provides
    the core functionality for the Linux graphical desktop.
    
    iDefense reported three integer overflow flaws in the XFree86 Render
    and DBE extensions. A malicious authorized client could exploit this
    issue to cause a denial of service (crash) or potentially execute
    arbitrary code with root privileges on the XFree86 server.
    (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)
    
    Users of XFree86 should upgrade to these updated packages, which
    contain a backported patch and is not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000103.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xfree86 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-14-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-14-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-15-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-15-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-2-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-2-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-9-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-9-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-base-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-cyrillic-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-font-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-libs-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-sdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-syriac-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-truetype-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-twm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xauth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Mesa-libGL-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Mesa-libGL-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Mesa-libGLU-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Mesa-libGLU-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Xnest-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Xnest-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Xvfb-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Xvfb-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-base-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-base-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-cyrillic-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-cyrillic-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-devel-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-devel-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-doc-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-font-utils-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-font-utils-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-libs-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-libs-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-libs-data-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-libs-data-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-syriac-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-syriac-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-tools-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-tools-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-truetype-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-truetype-fonts-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-twm-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-twm-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-xauth-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-xauth-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-xdm-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-xdm-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-xfs-4.3.0-115.EL.0.2")) flag++;
    if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-xfs-4.3.0-115.EL.0.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200701-25.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200701-25 (X.Org X server: Multiple vulnerabilities) Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Impact : A local attacker could execute arbitrary code with the privileges of the user running the X server, typically root. Workaround : Disable the DBE extension by removing the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24310
    published: 2007-02-09
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24310
    title: GLSA-200701-25 : X.Org X server: Multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200701-25.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24310);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
      script_xref(name:"GLSA", value:"200701-25");
    
      script_name(english:"GLSA-200701-25 : X.Org X server: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200701-25
    (X.Org X server: Multiple vulnerabilities)
    
        Multiple memory corruption vulnerabilities have been found in the
        ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE
        extension, and ProcRenderAddGlyphs() in the Render extension.
      
    Impact :
    
        A local attacker could execute arbitrary code with the privileges of
        the user running the X server, typically root.
      
    Workaround :
    
        Disable the DBE extension by removing the 'Load dbe' directive in the
        Module section of xorg.conf, and explicitly disable the Render
        extension with ' Option 'RENDER' 'disable' ' in the Extensions section.
        Note: This could affect the functionality of some applications."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200701-25"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All X.Org X server users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.1.1-r4'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xorg-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"x11-base/xorg-server", unaffected:make_list("ge 1.1.1-r4"), vulnerable:make_list("lt 1.1.1-r4"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "X.Org X server");
    }
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHSS_36452.NASL
    description: s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26156
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26156
    title: HP-UX PHSS_36452 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_36452. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(26156);
      script_version("1.17");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
      script_bugtraq_id(21968);
      script_xref(name:"HP", value:"emr_na-c01075678");
      script_xref(name:"HP", value:"HPSBUX02225");
      script_xref(name:"HP", value:"SSRT071295");
    
      script_name(english:"HP-UX PHSS_36452 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.23 Xserver cumulative patch : 
    
    Potential security vulnerabilities have been identified with HP-UX
    running Xserver. These vulnerabilities could be exploited by a local
    user to create a Denial of Service (DoS)."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01075678
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?31324b64"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_36452 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.23"))
    {
      exit(0, "The host is not affected since PHSS_36452 applies to a different OS release.");
    }
    
    patches = make_list("PHSS_36452", "PHSS_37971", "PHSS_37972", "PHSS_39257", "PHSS_40810", "PHSS_41260");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"Xserver.AGRM", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-ADVANCED", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-ENTRY", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-LOAD", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-SAM", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-SLS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-UTILS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.OEM-SERVER", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.OEM-SERVER-PA", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.X11-SERV", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.X11-SERV-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DBE", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DBE-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DPMS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DPMS-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-HPCR", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-HPCR-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-MBX", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-RECORD", version:"B.11.23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XORG-X11-SERVER-2449.NASL
    description: X server: ProcRenderAddGlyphs Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcRenderAddGlyphs() function (CVE-2006-6101). X server: ProcDbeGetVisualInfo Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeGetVisualInfo() function (CVE-2006-6102). X server: ProcDbeSwapBuffers Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeSwapBuffers() function (CVE-2006-6103).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 29606
    published: 2007-12-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/29606
    title: SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2449)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29606);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
    
      script_name(english:"SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2449)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "X server: ProcRenderAddGlyphs Memory Corruption Vulnerability. This
    update fixes a memory corruption in the ProcRenderAddGlyphs() function
    (CVE-2006-6101). X server: ProcDbeGetVisualInfo Memory Corruption
    Vulnerability. This update fixes a memory corruption in the
    ProcDbeGetVisualInfo() function (CVE-2006-6102). X server:
    ProcDbeSwapBuffers Memory Corruption Vulnerability. This update fixes
    a memory corruption in the ProcDbeSwapBuffers() function.
    (CVE-2006-6103)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-6101.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-6102.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2006-6103.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2449.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:0, reference:"xorg-x11-server-6.9.0-50.30")) flag++;
    if (rpm_check(release:"SLES10", sp:0, reference:"xorg-x11-server-6.9.0-50.30")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XORG-X11-SERVER-2453.NASL
    description: This update fixes memory corruptions in the ProcRenderAddGlyphs()/ProcDbeGetVisualInfo()/ProcDbeSwapBuffers() functions (CVE-2006-6101/CVE-2006-6102/CVE-2006-6103).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27495
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27495
    title: openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2453)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xorg-x11-server-2453.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27495);
      script_version ("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
    
      script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2453)");
      script_summary(english:"Check for the xorg-x11-server-2453 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes memory corruptions in the ProcRenderAddGlyphs()/
    ProcDbeGetVisualInfo()/ProcDbeSwapBuffers() functions (CVE-2006-6101/
    CVE-2006-6102/CVE-2006-6103)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-server-6.9.0-50.30") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.4") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "X server");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0003.NASL
    description: Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24010
    published: 2007-01-11
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24010
    title: RHEL 4 : xorg-x11 (RHSA-2007:0003)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0003. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24010);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
      script_bugtraq_id(21968);
      script_xref(name:"RHSA", value:"2007:0003");
    
      script_name(english:"RHEL 4 : xorg-x11 (RHSA-2007:0003)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated X.org packages that fix a security issue are now available for
    Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    X.org is an open source implementation of the X Window System. It
    provides the basic low-level functionality that full-fledged graphical
    user interfaces are designed upon.
    
    iDefense reported three integer overflow flaws in the X.org Render and
    DBE extensions. A malicious authorized client could exploit this issue
    to cause a denial of service (crash) or potentially execute arbitrary
    code with root privileges on the X.org server. (CVE-2006-6101,
    CVE-2006-6102, CVE-2006-6103)
    
    Users of X.org should upgrade to these updated packages, which contain
    a backported patch and is not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-6101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-6102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-6103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0003"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-font-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-sdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-twm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xauth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0003";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-devel-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-libs-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i386", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-tools-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-twm-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.37.5")) flag++;
      if (rpm_check(release:"RHEL4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.37.5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc");
      }
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0002.NASL
    description: Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24009
    published: 2007-01-11
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24009
    title: RHEL 2.1 / 3 : XFree86 (RHSA-2007:0002)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0002. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24009);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:12");
    
      script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
      script_bugtraq_id(21968);
      script_xref(name:"RHSA", value:"2007:0002");
    
      script_name(english:"RHEL 2.1 / 3 : XFree86 (RHSA-2007:0002)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated XFree86 packages that fix a security issue are now available
    for Red Hat Enterprise Linux 2.1 and 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    XFree86 is an implementation of the X Window System, which provides
    the core functionality for the Linux graphical desktop.
    
    iDefense reported three integer overflow flaws in the XFree86 Render
    and DBE extensions. A malicious authorized client could exploit this
    issue to cause a denial of service (crash) or potentially execute
    arbitrary code with root privileges on the XFree86 server.
    (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)
    
    Users of XFree86 should upgrade to these updated packages, which
    contain a backported patch and is not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-6101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-6102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2006-6103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:0002"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-base-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-cyrillic-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-font-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-sdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-syriac-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-truetype-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-twm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xauth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xf86cfg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:0002";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-100dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-75dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-15-100dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-15-75dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-2-100dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-2-75dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-9-100dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-9-75dpi-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-Xnest-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-Xvfb-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-cyrillic-fonts-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-devel-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-doc-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-libs-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-tools-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-twm-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-xdm-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-xf86cfg-4.1.0-78.EL")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-xfs-4.1.0-78.EL")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"XFree86-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-100dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-75dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGL-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGLU-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Xnest-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Xvfb-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-base-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-cyrillic-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-devel-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-doc-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-font-utils-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-libs-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-libs-data-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-syriac-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-tools-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-truetype-fonts-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-twm-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-xauth-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-xdm-4.3.0-115.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-xfs-4.3.0-115.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc");
      }
    }
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2007-066-02.NASL
    description: New x11 packages are available for Slackware 10.2 and 11.0.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24788
    published: 2007-03-12
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24788
    title: Slackware 10.2 / 11.0 : x11 (SSA:2007-066-02)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0003.NASL
    description: Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24023
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24023
    title: CentOS 4 : xorg-x11 (CESA-2007:0003)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-005.NASL
    description: Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86 : Local exploitation of a memory corruption vulnerability in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24621
    published: 2007-02-18
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24621
    title: Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:005)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-403-1.NASL
    description: The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27991
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27991
    title: Ubuntu 5.10 / 6.06 LTS / 6.10 : xorg, xorg-server vulnerabilities (USN-403-1)
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHSS_34389.NASL
    description: s700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26141
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26141
    title: HP-UX PHSS_34389 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0003.NASL
    description: From Red Hat Security Advisory 2007:0003 : Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67435
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67435
    title: Oracle Linux 4 : xorg-x11 (ELSA-2007-0003)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1249.NASL
    description: Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6101 Sean Larsson discovered an integer overflow in the Render extension, which might lead to denial of service or local privilege escalation. - CVE-2006-6102 Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation. - CVE-2006-6103 Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24026
    published: 2007-01-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24026
    title: Debian DSA-1249-1 : xfree86 - several vulnerabilities
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHSS_36123.NASL
    description: s700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26150
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26150
    title: HP-UX PHSS_36123 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0002.NASL
    description: Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24005
    published: 2007-01-11
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/24005
    title: CentOS 3 : XFree86 (CESA-2007:0002)

Oval

accepted: 2013-04-29T04:23:57.195-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
family: unix
id: oval:org.mitre.oval:def:9991
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
version: 26

Redhat

advisories
  • rhsa
    id: RHSA-2007:0002
  • rhsa
    id: RHSA-2007:0003
rpms
  • XFree86-0:4.1.0-78.EL
  • XFree86-0:4.3.0-115.EL
  • XFree86-100dpi-fonts-0:4.1.0-78.EL
  • XFree86-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-75dpi-fonts-0:4.1.0-78.EL
  • XFree86-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-78.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-78.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-78.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-78.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-78.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-115.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-78.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-115.EL
  • XFree86-Mesa-libGL-0:4.3.0-115.EL
  • XFree86-Mesa-libGLU-0:4.3.0-115.EL
  • XFree86-Xnest-0:4.1.0-78.EL
  • XFree86-Xnest-0:4.3.0-115.EL
  • XFree86-Xvfb-0:4.1.0-78.EL
  • XFree86-Xvfb-0:4.3.0-115.EL
  • XFree86-base-fonts-0:4.3.0-115.EL
  • XFree86-cyrillic-fonts-0:4.1.0-78.EL
  • XFree86-cyrillic-fonts-0:4.3.0-115.EL
  • XFree86-devel-0:4.1.0-78.EL
  • XFree86-devel-0:4.3.0-115.EL
  • XFree86-doc-0:4.1.0-78.EL
  • XFree86-doc-0:4.3.0-115.EL
  • XFree86-font-utils-0:4.3.0-115.EL
  • XFree86-libs-0:4.1.0-78.EL
  • XFree86-libs-0:4.3.0-115.EL
  • XFree86-libs-data-0:4.3.0-115.EL
  • XFree86-sdk-0:4.3.0-115.EL
  • XFree86-syriac-fonts-0:4.3.0-115.EL
  • XFree86-tools-0:4.1.0-78.EL
  • XFree86-tools-0:4.3.0-115.EL
  • XFree86-truetype-fonts-0:4.3.0-115.EL
  • XFree86-twm-0:4.1.0-78.EL
  • XFree86-twm-0:4.3.0-115.EL
  • XFree86-xauth-0:4.3.0-115.EL
  • XFree86-xdm-0:4.1.0-78.EL
  • XFree86-xdm-0:4.3.0-115.EL
  • XFree86-xf86cfg-0:4.1.0-78.EL
  • XFree86-xfs-0:4.1.0-78.EL
  • XFree86-xfs-0:4.3.0-115.EL
  • xorg-x11-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.5
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.5
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.5
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.5
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.5
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.5
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.5
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.5
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.5
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.5
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.5
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.5
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.5
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.5

Statements

contributor: Mark J Cox
lastmodified: 2007-03-14
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References