Vulnerabilities > CVE-2007-1003 - Local Integer Overflow vulnerability in X.Org X11 7.11.1.0

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
x-org
critical
nessus

Summary

Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.

Vulnerable Configurations

Part Description Count
Application
X.Org
1

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0127.NASL
    descriptionFrom Red Hat Security Advisory 2007:0127 : Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2007-1003) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67466
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67466
    titleOracle Linux 5 : xorg-x11-server (ELSA-2007-0127)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:0127 and 
    # Oracle Linux Security Advisory ELSA-2007-0127 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67466);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2007-1003");
      script_bugtraq_id(23284, 23300);
      script_xref(name:"RHSA", value:"2007:0127");
    
      script_name(english:"Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:0127 :
    
    Updated X.org X11 server packages that fix a security issue are now
    available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    X.org is an open source implementation of the X Window System. It
    provides the basic low-level functionality that full-fledged graphical
    user interfaces are designed upon.
    
    iDefense reported an integer overflow flaw in the X.org X11 server
    XC-MISC extension. A malicious authorized client could exploit this
    issue to cause a denial of service (crash) or potentially execute
    arbitrary code with root privileges on the X.org server.
    (CVE-2007-1003)
    
    Users of the X.org X11 server should upgrade to these updated
    packages, which contain a backported patch and is not vulnerable to
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-sdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.0.1")) flag++;
    if (rpm_check(release:"EL5", reference:"xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.0.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-SERVER-3082.NASL
    descriptionInteger overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1003). Integer overflows in libX11 could cause crashes (CVE-2007-1667). Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1352, CVE-2007-1351).
    last seen2020-06-01
    modified2020-06-02
    plugin id27496
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27496
    titleopenSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xorg-x11-server-3082.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27496);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667");
    
      script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)");
      script_summary(english:"Check for the xorg-x11-server-3082 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Integer overflows in the XC-MISC extension of the X-server could
    potentially be exploited to execute code with root privileges
    (CVE-2007-1003).
    
    Integer overflows in libX11 could cause crashes (CVE-2007-1667).
    
    Integer overflows in the font handling of the X-server could
    potentially be exploited to execute code with root privileges
    (CVE-2007-1352, CVE-2007-1351)."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xprt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libX11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libX11-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xnest-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xprt-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xvfb-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-Xvnc-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-libs-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"xorg-x11-server-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"xorg-x11-libs-32bit-6.9.0-50.32.5") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-Xvnc-7.1-33.3") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-libX11-7.2-15") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-libs-7.2-21") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.6") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"xorg-x11-libX11-32bit-7.2-15") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.2-21") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-Xnest / xorg-x11-Xprt / xorg-x11-Xvfb / xorg-x11-Xvnc / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0126.NASL
    descriptionUpdated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25006
    published2007-04-10
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25006
    titleCentOS 4 : xorg (CESA-2007:0126)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0126 and 
    # CentOS Errata and Security Advisory 2007:0126 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25006);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667");
      script_bugtraq_id(23283, 23284);
      script_xref(name:"RHSA", value:"2007:0126");
    
      script_name(english:"CentOS 4 : xorg (CESA-2007:0126)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated X.org packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    X.org is an open source implementation of the X Window System. It
    provides the basic low-level functionality that full-fledged graphical
    user interfaces are designed upon.
    
    iDefense reported an integer overflow flaw in the X.org XC-MISC
    extension. A malicious authorized client could exploit this issue to
    cause a denial of service (crash) or potentially execute arbitrary
    code with the privileges of the X.org server. (CVE-2007-1003)
    
    iDefense reported two integer overflows in the way X.org handled
    various font files. A malicious local user could exploit these issues
    to potentially execute arbitrary code with the privileges of the X.org
    server. (CVE-2007-1351, CVE-2007-1352)
    
    An integer overflow flaw was found in the X.org XGetPixel() function.
    Improper use of this function could cause an application calling it to
    function improperly, possibly leading to a crash or arbitrary code
    execution. (CVE-2007-1667)
    
    Users of X.org should upgrade to these updated packages, which contain
    a backported patch and are not vulnerable to these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-April/013647.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?152f305a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-April/013658.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c423941e"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-April/013659.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b1f16c01"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xorg packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-font-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-sdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-twm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xauth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-devel-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-libs-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-tools-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-twm-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.37.7")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.37.7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-079.NASL
    descriptionLocal exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. (CVE-2007-1667) Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available.
    last seen2020-06-01
    modified2020-06-02
    plugin id24945
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24945
    titleMandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:079. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(24945);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667");
      script_bugtraq_id(23284);
      script_xref(name:"MDKSA", value:"2007:079-1");
    
      script_name(english:"Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Local exploitation of a memory corruption vulnerability in the X.Org
    and XFree86 X server could allow an attacker to execute arbitrary code
    with privileges of the X server, typically root.
    
    The vulnerability exists in the ProcXCMiscGetXIDList() function in the
    XC-MISC extension. This request is used to determine what resource IDs
    are available for use. This function contains two vulnerabilities,
    both result in memory corruption of either the stack or heap. The
    ALLOCATE_LOCAL() macro used by this function allocates memory on the
    stack using alloca() on systems where alloca() is present, or using
    the heap otherwise. The handler function takes a user provided value,
    multiplies it, and then passes it to the above macro. This results in
    both an integer overflow vulnerability, and an alloca() stack pointer
    shifting vulnerability. Both can be exploited to execute arbitrary
    code. (CVE-2007-1003)
    
    iDefense reported two integer overflows in the way X.org handled
    various font files. A malicious local user could exploit these issues
    to potentially execute arbitrary code with the privileges of the X.org
    server. (CVE-2007-1351, CVE-2007-1352)
    
    Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
    in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
    ImageMagick, allow user-assisted remote attackers to cause a denial of
    service (crash) or information leak via crafted images with large or
    negative values that trigger a buffer overflow. (CVE-2007-1667)
    
    Updated packages are patched to address these issues.
    
    Update :
    
    Packages for Mandriva Linux 2007.1 are now available."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfont1-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfont1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfont1-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfont1-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xati");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xchips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xephyr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xepson");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfake");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfbdev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xgl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xi810");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmach64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xneomagic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnvidia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xorg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xpm2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xprt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xr128");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvesa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvnc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64x11_6-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64x11_6-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64x11_6-static-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64xfont1-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64xfont1-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64xfont1-static-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"libx11-common-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libx11_6-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libx11_6-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libx11_6-static-devel-1.1.1-2.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libxfont1-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libxfont1-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libxfont1-static-devel-1.2.7-1.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-common-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-devel-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xati-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xchips-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xdmx-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xephyr-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xepson-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfake-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfbdev-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xgl-0.0.1-0.20070105.4.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xi810-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmach64-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmga-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xneomagic-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xnest-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xnvidia-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xorg-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xpm2-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xprt-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xr128-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xsdl-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xsmi-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvesa-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvfb-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvia-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvnc-1.2.0-8.1mdv2007.1", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0125.NASL
    descriptionUpdated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24949
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24949
    titleRHEL 2.1 / 3 : XFree86 (RHSA-2007:0125)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-425.NASL
    description - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.1.1-47.8 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25028
    published2007-04-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25028
    titleFedora Core 6 : xorg-x11-server-1.1.1-47.8.fc6 (2007-425)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1294.NASL
    descriptionSeveral vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1003 Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation. - CVE-2007-1351 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. - CVE-2007-1352 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation. - CVE-2007-1667 Sami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn
    last seen2020-06-01
    modified2020-06-02
    plugin id25259
    published2007-05-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25259
    titleDebian DSA-1294-1 : xfree86 - several vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200705-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200705-10 (LibXfont, TightVNC: Multiple vulnerabilities) The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Impact : A local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id25187
    published2007-05-10
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25187
    titleGLSA-200705-10 : LibXfont, TightVNC: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XGL-5100.NASL
    descriptionThis update fixes several integer overflows in Xgl. (CVE-2007-6429 / CVE-2007-1003 / CVE-2007-5958 / CVE-2007-6427 / CVE-2007-6428 / CVE-2007-6429 / CVE-2008-0006)
    last seen2020-06-01
    modified2020-06-02
    plugin id31780
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31780
    titleSuSE 10 Security Update : Xgl (ZYPP Patch Number 5100)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0125.NASL
    descriptionFrom Red Hat Security Advisory 2007:0125 : Updated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67464
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67464
    titleOracle Linux 3 : XFree86 (ELSA-2007-0125)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-080.NASL
    descriptionLocal exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) TightVNC uses some of the same code base as Xorg, and has the same vulnerable code. Updated packages are patched to address these issues. Update : Packages for Mandriva Linux 2007.1 are now available.
    last seen2020-06-01
    modified2020-06-02
    plugin id24946
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24946
    titleMandrake Linux Security Advisory : tightvnc (MDKSA-2007:080-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0127.NASL
    descriptionUpdated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2007-1003) Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25322
    published2007-05-25
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25322
    titleRHEL 5 : xorg-x11-server (RHSA-2007:0127)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0126.NASL
    descriptionFrom Red Hat Security Advisory 2007:0126 : Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67465
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67465
    titleOracle Linux 4 : xorg-x11 (ELSA-2007-0126)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-448-1.NASL
    descriptionSean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003) Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges. (CVE-2007-1351, CVE-2007-1352). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28045
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28045
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-424.NASL
    description - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7 - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension. - xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge fix from FC6. - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6 - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101. - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5 - Standardize on using lowercase
    last seen2020-06-01
    modified2020-06-02
    plugin id25027
    published2007-04-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25027
    titleFedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0126.NASL
    descriptionUpdated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. iDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the X.org XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id24950
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24950
    titleRHEL 4 : xorg-x11 (RHSA-2007:0126)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-SERVER-3083.NASL
    descriptionInteger overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. (CVE-2007-1003) Integer overflows in libx11 could cause crashes. (CVE-2007-1667) Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges. (CVE-2007-1352 / CVE-2007-1351)
    last seen2020-06-01
    modified2020-06-02
    plugin id29607
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29607
    titleSuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XGL-5099.NASL
    descriptionThis update fixes several integer overflows in Xgl (CVE-2007-6429, CVE-2007-1003, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006)
    last seen2020-06-01
    modified2020-06-02
    plugin id31779
    published2008-04-04
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31779
    titleopenSUSE 10 Security Update : xgl (xgl-5099)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0125.NASL
    descriptionUpdated XFree86 packages that fix a number of security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352) An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667) Users of XFree86 should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24920
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24920
    titleCentOS 3 : XFree86 (CESA-2007:0125)

Oval

  • accepted2007-09-06T09:13:29.249-04:00
    classvulnerability
    contributors
    namePai Peng
    organizationOpsware, Inc.
    definition_extensions
    • commentSolaris 8 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1539
    • commentSolaris 10 (x86) is installed
      ovaloval:org.mitre.oval:def:1926
    • commentSolaris 10 (x86) is installed
      ovaloval:org.mitre.oval:def:1926
    • commentSolaris 9 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1457
    • commentSolaris 10 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1440
    • commentSolaris 8 (x86) is installed
      ovaloval:org.mitre.oval:def:2059
    • commentSolaris 9 (x86) is installed
      ovaloval:org.mitre.oval:def:1683
    • commentSolaris 9 (x86) is installed
      ovaloval:org.mitre.oval:def:1683
    descriptionInteger overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
    familyunix
    idoval:org.mitre.oval:def:1980
    statusaccepted
    submitted2007-07-30T08:16:45.000-04:00
    titleMultiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1)
    version36
  • accepted2013-04-29T04:22:20.005-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionInteger overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
    familyunix
    idoval:org.mitre.oval:def:9798
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleInteger overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
    version27

Redhat

advisories
  • bugzilla
    id233001
    titleCVE-2007-1003 xserver XC-MISC integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentxorg-x11-server-sdk is earlier than 0:1.1.1-48.13.0.1.el5
            ovaloval:com.redhat.rhsa:tst:20070127001
          • commentxorg-x11-server-sdk is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070127002
        • AND
          • commentxorg-x11-server-Xvfb is earlier than 0:1.1.1-48.13.0.1.el5
            ovaloval:com.redhat.rhsa:tst:20070127003
          • commentxorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070127004
        • AND
          • commentxorg-x11-server-Xorg is earlier than 0:1.1.1-48.13.0.1.el5
            ovaloval:com.redhat.rhsa:tst:20070127005
          • commentxorg-x11-server-Xorg is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070127006
        • AND
          • commentxorg-x11-server-Xdmx is earlier than 0:1.1.1-48.13.0.1.el5
            ovaloval:com.redhat.rhsa:tst:20070127007
          • commentxorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070127008
        • AND
          • commentxorg-x11-server-Xnest is earlier than 0:1.1.1-48.13.0.1.el5
            ovaloval:com.redhat.rhsa:tst:20070127009
          • commentxorg-x11-server-Xnest is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070127010
        • AND
          • commentxorg-x11-server-Xephyr is earlier than 0:1.1.1-48.13.0.1.el5
            ovaloval:com.redhat.rhsa:tst:20070127011
          • commentxorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070127012
    rhsa
    idRHSA-2007:0127
    released2007-04-03
    severityImportant
    titleRHSA-2007:0127: xorg-x11-server security update (Important)
  • rhsa
    idRHSA-2007:0125
  • rhsa
    idRHSA-2007:0126
rpms
  • XFree86-0:4.1.0-82.EL
  • XFree86-0:4.3.0-120.EL
  • XFree86-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-120.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-82.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-120.EL
  • XFree86-Mesa-libGL-0:4.3.0-120.EL
  • XFree86-Mesa-libGLU-0:4.3.0-120.EL
  • XFree86-Xnest-0:4.1.0-82.EL
  • XFree86-Xnest-0:4.3.0-120.EL
  • XFree86-Xvfb-0:4.1.0-82.EL
  • XFree86-Xvfb-0:4.3.0-120.EL
  • XFree86-base-fonts-0:4.3.0-120.EL
  • XFree86-cyrillic-fonts-0:4.1.0-82.EL
  • XFree86-cyrillic-fonts-0:4.3.0-120.EL
  • XFree86-devel-0:4.1.0-82.EL
  • XFree86-devel-0:4.3.0-120.EL
  • XFree86-doc-0:4.1.0-82.EL
  • XFree86-doc-0:4.3.0-120.EL
  • XFree86-font-utils-0:4.3.0-120.EL
  • XFree86-libs-0:4.1.0-82.EL
  • XFree86-libs-0:4.3.0-120.EL
  • XFree86-libs-data-0:4.3.0-120.EL
  • XFree86-sdk-0:4.3.0-120.EL
  • XFree86-syriac-fonts-0:4.3.0-120.EL
  • XFree86-tools-0:4.1.0-82.EL
  • XFree86-tools-0:4.3.0-120.EL
  • XFree86-truetype-fonts-0:4.3.0-120.EL
  • XFree86-twm-0:4.1.0-82.EL
  • XFree86-twm-0:4.3.0-120.EL
  • XFree86-xauth-0:4.3.0-120.EL
  • XFree86-xdm-0:4.1.0-82.EL
  • XFree86-xdm-0:4.3.0-120.EL
  • XFree86-xf86cfg-0:4.1.0-82.EL
  • XFree86-xfs-0:4.1.0-82.EL
  • XFree86-xfs-0:4.3.0-120.EL
  • xorg-x11-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xdmx-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xnest-0:6.8.2-1.EL.13.37.7
  • xorg-x11-Xvfb-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-devel-0:6.8.2-1.EL.13.37.7
  • xorg-x11-doc-0:6.8.2-1.EL.13.37.7
  • xorg-x11-font-utils-0:6.8.2-1.EL.13.37.7
  • xorg-x11-libs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-sdk-0:6.8.2-1.EL.13.37.7
  • xorg-x11-tools-0:6.8.2-1.EL.13.37.7
  • xorg-x11-twm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xauth-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xdm-0:6.8.2-1.EL.13.37.7
  • xorg-x11-xfs-0:6.8.2-1.EL.13.37.7
  • xorg-x11-server-Xdmx-0:1.1.1-48.13.0.1.el5
  • xorg-x11-server-Xephyr-0:1.1.1-48.13.0.1.el5
  • xorg-x11-server-Xnest-0:1.1.1-48.13.0.1.el5
  • xorg-x11-server-Xorg-0:1.1.1-48.13.0.1.el5
  • xorg-x11-server-Xvfb-0:1.1.1-48.13.0.1.el5
  • xorg-x11-server-debuginfo-0:1.1.1-48.13.0.1.el5
  • xorg-x11-server-sdk-0:1.1.1-48.13.0.1.el5

References