Vulnerabilities > CVE-2006-6103 - Local Integer Overflow vulnerability in X.Org DBE And Render Extensions
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 | |
Application | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SA_2007_008.NASL description The remote host is missing the patch for the advisory SUSE-SA:2007:008 (XFree86-server,xorg-x11-server,xloader). This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code. CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. CVE-2006-6102: Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. CVE-2006-6103: Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. last seen 2019-10-28 modified 2007-02-18 plugin id 24462 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24462 title SUSE-SA:2007:008: XFree86-server,xorg-x11-server,xloader code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:008 # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(24462); script_version ("1.9"); name["english"] = "SUSE-SA:2007:008: XFree86-server,xorg-x11-server,xloader"; script_name(english:name["english"]); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a vendor-supplied security patch" ); script_set_attribute(attribute:"description", value: "The remote host is missing the patch for the advisory SUSE-SA:2007:008 (XFree86-server,xorg-x11-server,xloader). This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code. CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures. CVE-2006-6102: Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. CVE-2006-6103: Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures." ); script_set_attribute(attribute:"solution", value: "http://www.novell.com/linux/security/advisories/2007_08_x.html" ); script_set_attribute(attribute:"risk_factor", value:"High" ); script_set_attribute(attribute:"plugin_publication_date", value: "2007/02/18"); script_end_attributes(); summary["english"] = "Check for the version of the XFree86-server,xorg-x11-server,xloader package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); family["english"] = "SuSE Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/SuSE/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"xorg-x11-server-6.8.2-100.10", release:"SUSE10.0") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"xorg-x11-server-6.8.2-30.10", release:"SUSE9.3") ) { security_hole(0); exit(0); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0002.NASL description From Red Hat Security Advisory 2007:0002 : Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67434 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67434 title Oracle Linux 3 : XFree86 (ELSA-2007-0002) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0002 and # Oracle Linux Security Advisory ELSA-2007-0002 respectively. # include("compat.inc"); if (description) { script_id(67434); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:06"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_bugtraq_id(21968); script_xref(name:"RHSA", value:"2007:0002"); script_name(english:"Oracle Linux 3 : XFree86 (ELSA-2007-0002)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:0002 : Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-March/000103.html" ); script_set_attribute( attribute:"solution", value:"Update the affected xfree86 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-14-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-14-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-15-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-15-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-2-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-2-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-9-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-9-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-base-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-libs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-syriac-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-truetype-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Mesa-libGL-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Mesa-libGL-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Mesa-libGLU-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Mesa-libGLU-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Xnest-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Xnest-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-Xvfb-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-Xvfb-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-base-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-base-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-cyrillic-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-cyrillic-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-devel-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-devel-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-doc-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-font-utils-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-font-utils-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-libs-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-libs-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-libs-data-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-libs-data-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-syriac-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-syriac-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-tools-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-tools-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-truetype-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-truetype-fonts-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-twm-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-twm-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-xauth-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-xauth-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-xdm-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-xdm-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"XFree86-xfs-4.3.0-115.EL.0.2")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"XFree86-xfs-4.3.0-115.EL.0.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200701-25.NASL description The remote host is affected by the vulnerability described in GLSA-200701-25 (X.Org X server: Multiple vulnerabilities) Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Impact : A local attacker could execute arbitrary code with the privileges of the user running the X server, typically root. Workaround : Disable the DBE extension by removing the last seen 2020-06-01 modified 2020-06-02 plugin id 24310 published 2007-02-09 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24310 title GLSA-200701-25 : X.Org X server: Multiple vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200701-25. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(24310); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_xref(name:"GLSA", value:"200701-25"); script_name(english:"GLSA-200701-25 : X.Org X server: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200701-25 (X.Org X server: Multiple vulnerabilities) Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo() and the ProcDbeSwapBuffers() of the DBE extension, and ProcRenderAddGlyphs() in the Render extension. Impact : A local attacker could execute arbitrary code with the privileges of the user running the X server, typically root. Workaround : Disable the DBE extension by removing the 'Load dbe' directive in the Module section of xorg.conf, and explicitly disable the Render extension with ' Option 'RENDER' 'disable' ' in the Extensions section. Note: This could affect the functionality of some applications." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200701-25" ); script_set_attribute( attribute:"solution", value: "All X.Org X server users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.1.1-r4'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xorg-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"x11-base/xorg-server", unaffected:make_list("ge 1.1.1-r4"), vulnerable:make_list("lt 1.1.1-r4"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "X.Org X server"); }
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_36452.NASL description s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 26156 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26156 title HP-UX PHSS_36452 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_36452. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(26156); script_version("1.17"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_bugtraq_id(21968); script_xref(name:"HP", value:"emr_na-c01075678"); script_xref(name:"HP", value:"HPSBUX02225"); script_xref(name:"HP", value:"SSRT071295"); script_name(english:"HP-UX PHSS_36452 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS)." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01075678 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?31324b64" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_36452 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/25"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23")) { exit(0, "The host is not affected since PHSS_36452 applies to a different OS release."); } patches = make_list("PHSS_36452", "PHSS_37971", "PHSS_37972", "PHSS_39257", "PHSS_40810", "PHSS_41260"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"Xserver.AGRM", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-ADVANCED", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-ENTRY", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-LOAD", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-SAM", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-SLS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-UTILS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.OEM-SERVER", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.OEM-SERVER-PA", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.X11-SERV", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.X11-SERV-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DBE", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DBE-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DPMS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DPMS-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-HPCR", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-HPCR-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-MBX", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-RECORD", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-SERVER-2449.NASL description X server: ProcRenderAddGlyphs Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcRenderAddGlyphs() function (CVE-2006-6101). X server: ProcDbeGetVisualInfo Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeGetVisualInfo() function (CVE-2006-6102). X server: ProcDbeSwapBuffers Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeSwapBuffers() function. (CVE-2006-6103) last seen 2020-06-01 modified 2020-06-02 plugin id 29606 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29606 title SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2449) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29606); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_name(english:"SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2449)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "X server: ProcRenderAddGlyphs Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcRenderAddGlyphs() function (CVE-2006-6101). X server: ProcDbeGetVisualInfo Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeGetVisualInfo() function (CVE-2006-6102). X server: ProcDbeSwapBuffers Memory Corruption Vulnerability. This update fixes a memory corruption in the ProcDbeSwapBuffers() function. (CVE-2006-6103)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-6101.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-6102.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-6103.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2449."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"xorg-x11-server-6.9.0-50.30")) flag++; if (rpm_check(release:"SLES10", sp:0, reference:"xorg-x11-server-6.9.0-50.30")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-SERVER-2453.NASL description This update fixes memory corruptions in the ProcRenderAddGlyphs()/ ProcDbeGetVisualInfo()/ProcDbeSwapBuffers() functions (CVE-2006-6101/ CVE-2006-6102/CVE-2006-6103). last seen 2020-06-01 modified 2020-06-02 plugin id 27495 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27495 title openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2453) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xorg-x11-server-2453. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27495); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-2453)"); script_summary(english:"Check for the xorg-x11-server-2453 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes memory corruptions in the ProcRenderAddGlyphs()/ ProcDbeGetVisualInfo()/ProcDbeSwapBuffers() functions (CVE-2006-6101/ CVE-2006-6102/CVE-2006-6103)." ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11-server package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-server-6.9.0-50.30") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.4") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "X server"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0003.NASL description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24010 published 2007-01-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24010 title RHEL 4 : xorg-x11 (RHSA-2007:0003) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0003. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(24010); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_bugtraq_id(21968); script_xref(name:"RHSA", value:"2007:0003"); script_name(english:"RHEL 4 : xorg-x11 (RHSA-2007:0003)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6101" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6102" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6103" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0003" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0003"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"xorg-x11-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-devel-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-libs-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", cpu:"i386", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-tools-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-twm-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.37.5")) flag++; if (rpm_check(release:"RHEL4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.37.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc"); } }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0002.NASL description Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24009 published 2007-01-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24009 title RHEL 2.1 / 3 : XFree86 (RHSA-2007:0002) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0002. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(24009); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103"); script_bugtraq_id(21968); script_xref(name:"RHSA", value:"2007:0002"); script_name(english:"RHEL 2.1 / 3 : XFree86 (RHSA-2007:0002)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6101" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6102" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2006-6103" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0002" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-base-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-syriac-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-truetype-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xf86cfg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31"); script_set_attribute(attribute:"patch_publication_date", value:"2007/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0002"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-100dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-75dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-15-100dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-15-75dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-2-100dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-2-75dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-9-100dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-ISO8859-9-75dpi-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-Xnest-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-Xvfb-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-cyrillic-fonts-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-devel-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-doc-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-libs-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-tools-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-twm-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-xdm-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-xf86cfg-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"XFree86-xfs-4.1.0-78.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-100dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-75dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGL-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGLU-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Xnest-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Xvfb-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-base-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-cyrillic-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-devel-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-doc-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-font-utils-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-libs-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-libs-data-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-syriac-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-tools-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-truetype-fonts-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-twm-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xauth-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xdm-4.3.0-115.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xfs-4.3.0-115.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc"); } }
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-066-02.NASL description New x11 packages are available for Slackware 10.2 and 11.0. last seen 2020-06-01 modified 2020-06-02 plugin id 24788 published 2007-03-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24788 title Slackware 10.2 / 11.0 : x11 (SSA:2007-066-02) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0003.NASL description Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24023 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24023 title CentOS 4 : xorg-x11 (CESA-2007:0003) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-005.NASL description Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86 : Local exploitation of a memory corruption vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 24621 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24621 title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:005) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-403-1.NASL description The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27991 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27991 title Ubuntu 5.10 / 6.06 LTS / 6.10 : xorg, xorg-server vulnerabilities (USN-403-1) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34389.NASL description s700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 26141 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26141 title HP-UX PHSS_34389 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0003.NASL description From Red Hat Security Advisory 2007:0003 : Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67435 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67435 title Oracle Linux 4 : xorg-x11 (ELSA-2007-0003) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1249.NASL description Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-6101 Sean Larsson discovered an integer overflow in the Render extension, which might lead to denial of service or local privilege escalation. - CVE-2006-6102 Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation. - CVE-2006-6103 Sean Larsson discovered an integer overflow in the DBE extension, which might lead to denial of service or local privilege escalation. last seen 2020-06-01 modified 2020-06-02 plugin id 24026 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24026 title Debian DSA-1249-1 : xfree86 - several vulnerabilities NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_36123.NASL description s700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. These vulnerabilities could be exploited by a local user to create a Denial of Service (DoS). last seen 2020-06-01 modified 2020-06-02 plugin id 26150 published 2007-09-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26150 title HP-UX PHSS_36123 : HP-UX Running Xserver, Local Denial of Service (DoS) (HPSBUX02225 SSRT071295 rev.1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0002.NASL description Updated XFree86 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported three integer overflow flaws in the XFree86 Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24005 published 2007-01-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24005 title CentOS 3 : XFree86 (CESA-2007:0002)
Oval
accepted | 2013-04-29T04:10:43.407-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:11011 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-002.txt.asc
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01075678
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=465
- http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
- http://osvdb.org/32086
- http://secunia.com/advisories/23633
- http://secunia.com/advisories/23670
- http://secunia.com/advisories/23684
- http://secunia.com/advisories/23689
- http://secunia.com/advisories/23698
- http://secunia.com/advisories/23705
- http://secunia.com/advisories/23758
- http://secunia.com/advisories/23789
- http://secunia.com/advisories/23966
- http://secunia.com/advisories/24168
- http://secunia.com/advisories/24210
- http://secunia.com/advisories/24247
- http://secunia.com/advisories/24401
- http://secunia.com/advisories/25802
- http://security.gentoo.org/glsa/glsa-200701-25.xml
- http://securitytracker.com/id?1017495
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.393555
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-066.htm
- http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:005
- http://www.novell.com/linux/security/advisories/2007_08_x.html
- http://www.redhat.com/support/errata/RHSA-2007-0002.html
- http://www.redhat.com/support/errata/RHSA-2007-0003.html
- http://www.securityfocus.com/bid/21968
- http://www.ubuntu.com/usn/usn-403-1
- http://www.vupen.com/english/advisories/2007/0108
- http://www.vupen.com/english/advisories/2007/0109
- http://www.vupen.com/english/advisories/2007/0589
- http://www.vupen.com/english/advisories/2007/0669
- http://www.vupen.com/english/advisories/2007/2233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31379
- https://issues.rpath.com/browse/RPL-920
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11011
- https://www.debian.org/security/2007/dsa-1249