Vulnerabilities > CVE-2007-1003 - Local Integer Overflow vulnerability in X.Org X11 7.1-1.1.0
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
Nessus
NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2007-0127.NASL
description From Red Hat Security Advisory 2007:0127 : Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2007-1003) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
last seen 2020-06-01
modified 2020-06-02
plugin id 67466
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67466
title Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0127 and
# Oracle Linux Security Advisory ELSA-2007-0127 respectively.
#
# Purpose: local package-version check for CVE-2007-1003 on Oracle Linux 5.
# It compares the RPM list already stored in the scanner knowledge base
# against the fixed xorg-x11-server builds named in ELSA-2007-0127.
# Nothing in the visible code inspects a running X server, so a finding
# reflects installed package versions only; an X server process started
# before the update keeps running the old code until it is restarted.

include("compat.inc");

# Registration phase: when `description` is set the script only declares its
# metadata and exits; none of the checks below run in that phase.
if (description)
{
  script_id(67466);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:06");

  script_cve_id("CVE-2007-1003");
  script_bugtraq_id(23284, 23300);
  script_xref(name:"RHSA", value:"2007:0127");

  script_name(english:"Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "From Red Hat Security Advisory 2007:0127 : Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2007-1003) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xorg-x11-server packages."
  );
  # CVSS v2 base vector: Au:S (single authentication) matches the
  # "malicious authorized client" precondition in the description.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  # CVSS v2 temporal vector: E:U unproven exploit, RL:OF official fix,
  # RC:C confirmed report; consistent with exploit_available "false" below.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # plugin_type "local": the result comes from host-side package data,
  # not from probing the X11 service over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-sdk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  # The knowledge-base keys required here are read again below; they are
  # presumably populated by ssh_get_info.nasl during a credentialed scan
  # (that script is not shown on this page).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Gate 1: only proceed on an Oracle Linux host with local checks enabled.
# NOTE(review): audit() is defined in audit.inc (not shown); the code is
# written as if it terminates the script with the given reason - confirm.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
# Extract "major[.minor]" from the release banner; capture group 1 is kept.
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
# "^5([^0-9]|$)" accepts 5 and 5.x but rejects versions such as 50.
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

# Gate 2: a package list and a supported CPU architecture must be known.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# `>!<` is NASL's "substring not in" operator: stop unless cpu mentions
# x86_64 or ia64, or is exactly i386..i686.
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

# One rpm_check() per package from the advisory; `flag` counts the calls
# that returned true. Presumably rpm_check() (rpm.inc, not shown) is true
# when the installed build is older than `reference` - verify in rpm.inc.
# The fix is a backported patch, so the upstream version stays 1.1.1 and
# only the full release string (48.13.0.1.el5.0.1) separates fixed from
# unfixed builds.
flag = 0;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.0.1")) flag++;

if (flag)
{
  # At least one package matched: report on port 0, attaching the text from
  # rpm_report_get() only when report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Nothing flagged: distinguish "packages were tested and are not affected"
  # from "none of the packages are installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc");
}
NASL family SuSE Local Security Checks
NASL id SUSE_XORG-X11-SERVER-3082.NASL
description Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1003). Integer overflows in libX11 could cause crashes (CVE-2007-1667). Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1352, CVE-2007-1351).
last seen 2020-06-01
modified 2020-06-02
plugin id 27496
published 2007-10-17
reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/27496
title openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update xorg-x11-server-3082.
#
# The text description of this plugin is (C) SUSE LLC.
#
# Purpose: local package-version check on openSUSE 10.1 / 10.2 for the
# xorg-x11-server-3082 update, which covers four CVEs (CVE-2007-1003,
# CVE-2007-1351, CVE-2007-1352, CVE-2007-1667). A finding means at least
# one listed package is below its fixed build; the report does not say
# which of the four CVEs applies to the host.

include("compat.inc");

# Registration phase: declare metadata and exit without running checks.
if (description)
{
  script_id(27496);
  script_version ("1.14");
  script_cvs_date("Date: 2019/10/25 13:36:31");

  script_cve_id("CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667");

  script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)");
  script_summary(english:"Check for the xorg-x11-server-3082 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1003). Integer overflows in libX11 could cause crashes (CVE-2007-1667). Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1352, CVE-2007-1351)."
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xorg-x11-server packages."
  );
  # One CVSS v2 base vector is registered for all four CVEs.
  # NOTE(review): presumably the highest-scoring of the set - confirm
  # per-CVE scores before using this value for prioritisation.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CWE-189: Numeric Errors (the integer overflows in the description).
  script_cwe_id(189);

  # plugin_type "local": the result comes from host-side package data.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xprt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libX11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libX11-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # The knowledge-base keys required here are read again below; they are
  # presumably populated by ssh_get_info.nasl (not shown on this page).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Gate 1: local checks enabled, and the release is openSUSE 10.1 or 10.2.
# NOTE(review): audit() comes from audit.inc (not shown); the code is
# written as if it terminates the script - confirm.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
# Release strings beginning with SLED or SLES are rejected as not openSUSE.
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
# Gate 2: a package list and one of the three supported architectures.
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# `flag` counts the rpm_check() calls that returned true. Presumably
# rpm_check() (rpm.inc, not shown) is true when the installed build is
# older than `reference` - verify in rpm.inc.
flag = 0;

# openSUSE 10.1: every package shares the fixed build 6.9.0-50.32.5; the
# -32bit package is checked only when cpu is x86_64.
if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xnest-6.9.0-50.32.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xprt-6.9.0-50.32.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xvfb-6.9.0-50.32.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xvnc-6.9.0-50.32.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-libs-6.9.0-50.32.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-server-6.9.0-50.32.5") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"xorg-x11-libs-32bit-6.9.0-50.32.5") ) flag++;
# openSUSE 10.2: the fixed build differs per package, so each reference
# string has to be compared on its own.
if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-Xvnc-7.1-33.3") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-libX11-7.2-15") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-libs-7.2-21") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.6") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"xorg-x11-libX11-32bit-7.2-15") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.2-21") ) flag++;

if (flag)
{
  # At least one package matched: report on port 0, attaching the text from
  # rpm_report_get() only when report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Nothing flagged: distinguish "tested and not affected" from
  # "none of the packages are installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-Xnest / xorg-x11-Xprt / xorg-x11-Xvfb / xorg-x11-Xvnc / etc");
}
NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2007-0126.NASL
description Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 25006
published 2007-04-10
reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/25006
title CentOS 4 : xorg (CESA-2007:0126)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0126 and
# CentOS Errata and Security Advisory 2007:0126 respectively.
#
# Purpose: local package-version check on CentOS 4 for CESA-2007:0126,
# which covers four CVEs (CVE-2007-1003, CVE-2007-1351, CVE-2007-1352,
# CVE-2007-1667). Every xorg-x11 package is compared against the single
# fixed build 6.8.2-1.EL.13.37.7; the fix is described as a backported
# patch, so the upstream version (6.8.2) alone does not show whether a
# host is patched.

include("compat.inc");

# Registration phase: declare metadata and exit without running checks.
if (description)
{
  script_id(25006);
  script_version("1.16");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667");
  script_bugtraq_id(23283, 23284);
  script_xref(name:"RHSA", value:"2007:0126");

  script_name(english:"CentOS 4 : xorg (CESA-2007:0126)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues."
  );
  # Each see_also value is a shortened link; the comment above it gives the
  # full centos-announce URL it stands for.
  # https://lists.centos.org/pipermail/centos-announce/2007-April/013647.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?152f305a"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-April/013658.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c423941e"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-April/013659.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b1f16c01"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xorg packages.");
  # One CVSS v2 base vector is registered for all four CVEs. It carries
  # Au:N, while the description says CVE-2007-1003 needs an authorized
  # client. NOTE(review): presumably the vector of the highest-scoring CVE
  # in the set - confirm per-CVE scores before prioritising on it.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: E:U unproven exploit, RL:OF official fix,
  # RC:C confirmed report; consistent with exploit_available "false" below.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-189: Numeric Errors (the integer overflows in the description).
  script_cwe_id(189);

  # plugin_type "local": the result comes from host-side package data.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGLU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xdmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-font-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-sdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-twm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xauth");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xdm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  # The knowledge-base keys required here are read again below; they are
  # presumably populated by ssh_get_info.nasl (not shown on this page).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Gate 1: local checks enabled and the release banner names CentOS 4.
# NOTE(review): audit() comes from audit.inc (not shown); the code is
# written as if it terminates the script - confirm.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
# `>!<` is NASL's "substring not in" operator.
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
# Only the major version is captured from the banner (group 1).
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
# "^4([^0-9]|$)" accepts 4 but rejects versions such as 40.
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

# Gate 2: a package list and a supported CPU architecture must be known.
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Stop unless cpu mentions x86_64 or ia64, or is exactly i386..i686.
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# One rpm_check() per package from the advisory; `flag` counts the calls
# that returned true. Presumably rpm_check() (rpm.inc, not shown) is true
# when the installed build is older than `reference` - verify in rpm.inc.
flag = 0;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-devel-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-libs-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-tools-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-twm-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.37.7")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.37.7")) flag++;

if (flag)
{
  # At least one package matched: report on port 0 at SECURITY_HOLE
  # severity, always attaching the text from rpm_report_get().
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: distinguish "tested and not affected" from
  # "none of the packages are installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc");
}
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-079.NASL description Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. (CVE-2007-1667) Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available. last seen 2020-06-01 modified 2020-06-02 plugin id 24945 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/24945 title Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:079. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(24945); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667"); script_bugtraq_id(23284); script_xref(name:"MDKSA", value:"2007:079-1"); script_name(english:"Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. 
A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. (CVE-2007-1667) Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6-static-devel"); 
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfont1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfont1-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfont1-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xati"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xchips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xepson"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfake"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfbdev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xgl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xi810"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmach64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xneomagic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnvidia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xpm2"); script_set_attribute(attribute:"cpe", 
value:"p-cpe:/a:mandriva:linux:x11-server-xprt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xr128"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsdl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsmi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvesa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvnc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64x11_6-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", 
reference:"lib64x11_6-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64x11_6-static-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64xfont1-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64xfont1-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64xfont1-static-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"libx11-common-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libx11_6-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libx11_6-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libx11_6-static-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libxfont1-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libxfont1-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libxfont1-static-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-common-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-devel-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xati-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xchips-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xdmx-1.2.0-8.1mdv2007.1", yank:"mdv")) 
flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xephyr-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xepson-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfake-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfbdev-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xi810-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmach64-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmga-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xneomagic-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xnest-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xnvidia-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xorg-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xpm2-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xprt-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xr128-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xsdl-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xsmi-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", 
reference:"x11-server-xvesa-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvfb-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvia-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvnc-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0125.NASL description Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24949 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24949 title RHEL 2.1 / 3 : XFree86 (RHSA-2007:0125) NASL family Fedora Local Security Checks NASL id FEDORA_2007-425.NASL description - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.1.1-47.8 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25028 published 2007-04-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25028 title Fedora Core 6 : xorg-x11-server-1.1.1-47.8.fc6 (2007-425) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1294.NASL description Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1003 Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation. - CVE-2007-1351 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. - CVE-2007-1352 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. - CVE-2007-1667 Sami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this, an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn't ... [description truncated in this listing] last seen 2020-06-01 modified 2020-06-02 plugin id 25259 published 2007-05-20 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/25259 title Debian DSA-1294-1 : xfree86 - several vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200705-10.NASL description The remote host is affected by the vulnerability described in GLSA-200705-10 (LibXfont, TightVNC: Multiple vulnerabilities) The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Impact : A local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25187 published 2007-05-10 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25187 title GLSA-200705-10 : LibXfont, TightVNC: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_XGL-5100.NASL description This update fixes several integer overflows in Xgl. (CVE-2007-6429 / CVE-2007-1003 / CVE-2007-5958 / CVE-2007-6427 / CVE-2007-6428 / CVE-2007-6429 / CVE-2008-0006) last seen 2020-06-01 modified 2020-06-02 plugin id 31780 published 2008-04-04 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31780 title SuSE 10 Security Update : Xgl (ZYPP Patch Number 5100) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0125.NASL description From Red Hat Security Advisory 2007:0125 : Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. 
iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67464 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67464 title Oracle Linux 3 : XFree86 (ELSA-2007-0125) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-080.NASL description Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities; both result in memory corruption of either the stack or the heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user-provided value, multiplies it, and then passes it to the above macro. 
This results in both an integer overflow vulnerability and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) TightVNC uses some of the same code base as Xorg, and has the same vulnerable code. Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available. last seen 2020-06-01 modified 2020-06-02 plugin id 24946 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24946 title Mandrake Linux Security Advisory : tightvnc (MDKSA-2007:080-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0127.NASL description Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2007-1003) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25322 published 2007-05-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/25322 title RHEL 5 : xorg-x11-server (RHSA-2007:0127) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0126.NASL description From Red Hat Security Advisory 2007:0126 : Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67465 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67465 title Oracle Linux 4 : xorg-x11 (ELSA-2007-0126) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-448-1.NASL description Sean Larsson of iDefense Labs discovered that the XC-MISC extension of Xorg did not correctly verify the size of allocated memory. 
An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003) Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges. (CVE-2007-1351, CVE-2007-1352). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28045 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28045 title Ubuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1) NASL family Fedora Local Security Checks NASL id FEDORA_2007-424.NASL description - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. - xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge fix from FC6. - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101. - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5 - Standardize on using lowercase last seen 2020-06-01 modified 2020-06-02 plugin id 25027 published 2007-04-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/25027 title Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0126.NASL description Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24950 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24950 title RHEL 4 : xorg-x11 (RHSA-2007:0126) NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-SERVER-3083.NASL description Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. 
(CVE-2007-1003) Integer overflows in libx11 could cause crashes. (CVE-2007-1667) Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges. (CVE-2007-1352 / CVE-2007-1351) last seen 2020-06-01 modified 2020-06-02 plugin id 29607 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29607 title SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083) NASL family SuSE Local Security Checks NASL id SUSE_XGL-5099.NASL description This update fixes several integer overflows in Xgl (CVE-2007-6429, CVE-2007-1003, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006) last seen 2020-06-01 modified 2020-06-02 plugin id 31779 published 2008-04-04 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31779 title openSUSE 10 Security Update : xgl (xgl-5099) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0125.NASL description Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. 
(CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24920 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24920 title CentOS 3 : XFree86 (CESA-2007:0125)
Oval
accepted 2007-09-06T09:13:29.249-04:00 class vulnerability contributors name Pai Peng organization Opsware, Inc. definition_extensions comment Solaris 8 (SPARC) is installed oval oval:org.mitre.oval:def:1539 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926 comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926 comment Solaris 9 (SPARC) is installed oval oval:org.mitre.oval:def:1457 comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440 comment Solaris 8 (x86) is installed oval oval:org.mitre.oval:def:2059 comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683 comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683
description Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. family unix id oval:org.mitre.oval:def:1980 status accepted submitted 2007-07-30T08:16:45.000-04:00 title Multiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1) version 36 accepted 2013-04-29T04:22:20.005-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. family unix id oval:org.mitre.oval:def:9798 status accepted submitted 2010-07-09T03:56:16-04:00 title Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption. version 27
Red Hat
advisories
rpms
References
- http://issues.foresightlinux.org/browse/FL-223
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503
- http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2007-0125.html
- http://secunia.com/advisories/24741
- http://secunia.com/advisories/24745
- http://secunia.com/advisories/24756
- http://secunia.com/advisories/24758
- http://secunia.com/advisories/24765
- http://secunia.com/advisories/24770
- http://secunia.com/advisories/24771
- http://secunia.com/advisories/24772
- http://secunia.com/advisories/24791
- http://secunia.com/advisories/25004
- http://secunia.com/advisories/25006
- http://secunia.com/advisories/25195
- http://secunia.com/advisories/25216
- http://secunia.com/advisories/25305
- http://secunia.com/advisories/29622
- http://security.gentoo.org/glsa/glsa-200705-10.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm
- http://www.debian.org/security/2007/dsa-1294
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:079
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:080
- http://www.novell.com/linux/security/advisories/2007_27_x.html
- http://www.openbsd.org/errata39.html#021_xorg
- http://www.openbsd.org/errata40.html#011_xorg
- http://www.redhat.com/support/errata/RHSA-2007-0126.html
- http://www.redhat.com/support/errata/RHSA-2007-0127.html
- http://www.securityfocus.com/archive/1/464686/100/0/threaded
- http://www.securityfocus.com/archive/1/464816/100/0/threaded
- http://www.securityfocus.com/bid/23284
- http://www.securityfocus.com/bid/23300
- http://www.securitytracker.com/id?1017857
- http://www.ubuntu.com/usn/usn-448-1
- http://www.vupen.com/english/advisories/2007/1217
- http://www.vupen.com/english/advisories/2007/1548
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33424
- https://issues.rpath.com/browse/RPL-1213
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1980
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9798