Vulnerabilities > CVE-2007-4568 - Numeric Errors vulnerability in X.Org X Font Server 1.0.1/1.0.2/1.0.4

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part Description Count
Application
X.Org
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1385.NASL
    descriptionSean Larsson discovered that two code paths inside the X Font Server handle integer values insecurely, which may lead to the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id26976
    published2007-10-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26976
    titleDebian DSA-1385-1 : xfs - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1385. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Metadata registration. When `description` is true the script only records
    # the attributes below and leaves through the exit(0) at the end of this
    # block; none of the host checks further down are executed in that mode.
    if (description)
    {
      script_id(26976);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      # Cross-references: the CVE this plugin reports on and the Debian advisory
      # (DSA-1385) the package versions below were taken from.
      script_cve_id("CVE-2007-4568");
      script_xref(name:"DSA", value:"1385");
    
      script_name(english:"Debian DSA-1385-1 : xfs - several vulnerabilities");
      # The finding is derived from the dpkg package listing, not from talking
      # to a running xfs instance.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sean Larsson discovered that two code paths inside the X Font Server
    handle integer values insecurely, which may lead to the execution of
    arbitrary code."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1385"
      );
      # Remediation text copied from the advisory. The fixed versions named here
      # are the same reference versions passed to deb_check() later in the script.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xfs packages.
    
    For the oldstable distribution (sarge) this problem has been fixed in
    version 4.3.0.dfsg.1-14sarge5 of xfree86. Packages for m68k are not
    yet available. They will be provided later.
    
    For the stable distribution (etch) this problem has been fixed in
    version 1.0.1-7."
      );
      # CVSS v2 base vector: network attack vector (AV:N), medium access
      # complexity (AC:M), no authentication (Au:N), partial impact on
      # confidentiality, integrity and availability (C:P/I:P/A:P).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # CWE-119 (improper restriction of operations within the bounds of a
      # memory buffer) and CWE-189 (numeric errors).
      script_cwe_id(119, 189);
    
      # "local" plugin: the verdict comes from data collected on the host (see
      # script_require_keys below). It therefore says nothing about whether xfs
      # is running or reachable on the scanned machine.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Affected product and platforms: the Debian xfs package on Debian 3.1
      # and Debian 4.0.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it is what
      # fills the Host/* knowledge-base keys required here - confirm against
      # that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions, checked in order. Each missing knowledge-base entry ends
    # in an audit() call with the matching reason code rather than letting the
    # package comparison run on incomplete data.

    # Local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The host must have been identified as a Debian release.
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }

    # The dpkg package listing must be available; without it no version
    # comparison is possible.
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }
    
    
    # Package comparison. deb_check() comes from debian_package.inc (not shown
    # here); it is presumably true when the named package is installed on the
    # given release at a version older than `reference` - confirm against the
    # include. Every hit increments `flag`.
    #
    # This is a version comparison only: it does not establish whether xfs is
    # running, and a locally rebuilt or backported package that keeps an older
    # version string would still be counted.

    # Fixed version of the xfree86 packages on sarge (Debian 3.1), as given in
    # the DSA-1385 solution text.
    dsa1385_sarge_fix = "4.3.0.dfsg.1-14sarge5";

    # Packages compared against that version on Debian 3.1, in the order they
    # are checked.
    dsa1385_sarge_pkgs = make_list(
      "lbxproxy",
      "libdps-dev",
      "libdps1",
      "libdps1-dbg",
      "libice-dev",
      "libice6",
      "libice6-dbg",
      "libsm-dev",
      "libsm6",
      "libsm6-dbg",
      "libx11-6",
      "libx11-6-dbg",
      "libx11-dev",
      "libxaw6",
      "libxaw6-dbg",
      "libxaw6-dev",
      "libxaw7",
      "libxaw7-dbg",
      "libxaw7-dev",
      "libxext-dev",
      "libxext6",
      "libxext6-dbg",
      "libxft1",
      "libxft1-dbg",
      "libxi-dev",
      "libxi6",
      "libxi6-dbg",
      "libxmu-dev",
      "libxmu6",
      "libxmu6-dbg",
      "libxmuu-dev",
      "libxmuu1",
      "libxmuu1-dbg",
      "libxp-dev",
      "libxp6",
      "libxp6-dbg",
      "libxpm-dev",
      "libxpm4",
      "libxpm4-dbg",
      "libxrandr-dev",
      "libxrandr2",
      "libxrandr2-dbg",
      "libxt-dev",
      "libxt6",
      "libxt6-dbg",
      "libxtrap-dev",
      "libxtrap6",
      "libxtrap6-dbg",
      "libxtst-dev",
      "libxtst6",
      "libxtst6-dbg",
      "libxv-dev",
      "libxv1",
      "libxv1-dbg",
      "pm-dev",
      "proxymngr",
      "twm",
      "x-dev",
      "x-window-system",
      "x-window-system-core",
      "x-window-system-dev",
      "xbase-clients",
      "xdm",
      "xfonts-100dpi",
      "xfonts-100dpi-transcoded",
      "xfonts-75dpi",
      "xfonts-75dpi-transcoded",
      "xfonts-base",
      "xfonts-base-transcoded",
      "xfonts-cyrillic",
      "xfonts-scalable",
      "xfree86-common",
      "xfs",
      "xfwp",
      "xlibmesa-dev",
      "xlibmesa-dri",
      "xlibmesa-dri-dbg",
      "xlibmesa-gl",
      "xlibmesa-gl-dbg",
      "xlibmesa-gl-dev",
      "xlibmesa-glu",
      "xlibmesa-glu-dbg",
      "xlibmesa-glu-dev",
      "xlibmesa3",
      "xlibmesa3-dbg",
      "xlibosmesa-dev",
      "xlibosmesa4",
      "xlibosmesa4-dbg",
      "xlibs",
      "xlibs-data",
      "xlibs-dbg",
      "xlibs-dev",
      "xlibs-pic",
      "xlibs-static-dev",
      "xlibs-static-pic",
      "xmh",
      "xnest",
      "xserver-common",
      "xserver-xfree86",
      "xserver-xfree86-dbg",
      "xspecs",
      "xterm",
      "xutils",
      "xvfb"
    );

    flag = 0;

    foreach dsa1385_pkg (dsa1385_sarge_pkgs)
    {
      if (deb_check(release:"3.1", prefix:dsa1385_pkg, reference:dsa1385_sarge_fix)) flag++;
    }

    # On etch (Debian 4.0) only the xfs package is compared, against 1.0.1-7.
    if (deb_check(release:"4.0", prefix:"xfs", reference:"1.0.1-7")) flag++;
    
    # Verdict. With no outdated package counted, the host is audited as not
    # affected. Otherwise a warning is raised on port 0; at verbosity above 0
    # it carries the text returned by deb_report_get().
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      if (report_verbosity > 0)
        security_warning(port:0, extra:deb_report_get());
      else
        security_warning(0);
      exit(0);
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_5_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.2. Mac OS X 10.5.2 contains several security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id30255
    published2008-02-12
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30255
    titleMac OS X 10.5.x < 10.5.2 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-4485.NASL
    descriptionThis update fixes the following issues : X Font Server build_range() Integer Overflow Vulnerability [IDEF2708] (CVE-2007-4989), X Font Server swap_char2b() Heap Overflow Vulnerability [IDEF2709] (CVE-2007-4990), Composite extension buffer overflow. (CVE-2007-4730)
    last seen2020-06-01
    modified2020-06-02
    plugin id29603
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29603
    titleSuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4485)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0029.NASL
    descriptionFrom Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
    last seen2020-06-01
    modified2020-06-02
    plugin id67634
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67634
    titleOracle Linux 3 : XFree86 (ELSA-2008-0029)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0029.NASL
    descriptionUpdated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
    last seen2020-06-01
    modified2020-06-02
    plugin id30022
    published2008-01-21
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30022
    titleCentOS 3 : XFree86 (CESA-2008:0029)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-002.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id31605
    published2008-03-19
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31605
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080118_XFREE86_ON_SL3.NASL
    descriptionTwo integer overflow flaws were found in the XFree86 server
    last seen2020-06-01
    modified2020-06-02
    plugin id60349
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60349
    titleScientific Linux Security Update : XFree86 on SL3.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080117_XORG_X11_ON_SL4_X.NASL
    descriptionTwo integer overflow flaws were found in the X.Org server
    last seen2020-06-01
    modified2020-06-02
    plugin id60347
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60347
    titleScientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-210.NASL
    descriptionInteger overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. (CVE-2007-4568) The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. (CVE-2007-4990) Updated package fixes these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27817
    published2007-11-07
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27817
    titleMandrake Linux Security Advisory : xfs (MDKSA-2007:210)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0030.NASL
    descriptionUpdated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen2020-06-01
    modified2020-06-02
    plugin id30002
    published2008-01-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30002
    titleRHEL 4 : xorg-x11 (RHSA-2008:0030)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0030.NASL
    descriptionFrom Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen2020-06-01
    modified2020-06-02
    plugin id67635
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67635
    titleOracle Linux 4 : xorg-x11 (ELSA-2008-0030)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4263.NASL
    description - Bug #373261 - CVE-2007-4568 xfs integer overflow in the build_range function [f7] - Bug #373331 - CVE-2007-4990 xfs heap overflow in the swap_char2b function [f7] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29278
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29278
    titleFedora 7 : xorg-x11-xfs-1.0.5-1.fc7 (2007-4263)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A5F667DB759611DC8B7A0019B944B34E.NASL
    descriptionMatthieu Herrb reports : Problem Description : Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their
    last seen2020-06-01
    modified2020-06-02
    plugin id26939
    published2007-10-09
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26939
    titleFreeBSD : xfs -- multiple vulnerabilities (a5f667db-7596-11dc-8b7a-0019b944b34e)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200710-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200710-11 (X Font Server: Multiple Vulnerabilities) iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file (CVE-2007-3103). Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling
    last seen2020-06-01
    modified2020-06-02
    plugin id27046
    published2007-10-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27046
    titleGLSA-200710-11 : X Font Server: Multiple Vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0030.NASL
    descriptionUpdated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen2020-06-01
    modified2020-06-02
    plugin id43667
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43667
    titleCentOS 4 : xorg-x11 (CESA-2008:0030)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0029.NASL
    descriptionUpdated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
    last seen2020-06-01
    modified2020-06-02
    plugin id30001
    published2008-01-18
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30001
    titleRHEL 2.1 / 3 : XFree86 (RHSA-2008:0029)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2008-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 that does not have the security update 2008-001 applied. This update contains several security fixes for a number of programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id30254
    published2008-02-12
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30254
    titleMac OS X Multiple Vulnerabilities (Security Update 2008-001)

Oval

accepted2013-04-29T04:09:39.211-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionInteger overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
familyunix
idoval:org.mitre.oval:def:10882
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow.
version26

Redhat

advisories
  • rhsa
    idRHSA-2008:0029
  • rhsa
    idRHSA-2008:0030
rpms
  • XFree86-0:4.1.0-86.EL
  • XFree86-0:4.3.0-126.EL
  • XFree86-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-Mesa-libGL-0:4.3.0-126.EL
  • XFree86-Mesa-libGLU-0:4.3.0-126.EL
  • XFree86-Xnest-0:4.1.0-86.EL
  • XFree86-Xnest-0:4.3.0-126.EL
  • XFree86-Xvfb-0:4.1.0-86.EL
  • XFree86-Xvfb-0:4.3.0-126.EL
  • XFree86-base-fonts-0:4.3.0-126.EL
  • XFree86-cyrillic-fonts-0:4.1.0-86.EL
  • XFree86-cyrillic-fonts-0:4.3.0-126.EL
  • XFree86-devel-0:4.1.0-86.EL
  • XFree86-devel-0:4.3.0-126.EL
  • XFree86-doc-0:4.1.0-86.EL
  • XFree86-doc-0:4.3.0-126.EL
  • XFree86-font-utils-0:4.3.0-126.EL
  • XFree86-libs-0:4.1.0-86.EL
  • XFree86-libs-0:4.3.0-126.EL
  • XFree86-libs-data-0:4.3.0-126.EL
  • XFree86-sdk-0:4.3.0-126.EL
  • XFree86-syriac-fonts-0:4.3.0-126.EL
  • XFree86-tools-0:4.1.0-86.EL
  • XFree86-tools-0:4.3.0-126.EL
  • XFree86-truetype-fonts-0:4.3.0-126.EL
  • XFree86-twm-0:4.1.0-86.EL
  • XFree86-twm-0:4.3.0-126.EL
  • XFree86-xauth-0:4.3.0-126.EL
  • XFree86-xdm-0:4.1.0-86.EL
  • XFree86-xdm-0:4.3.0-126.EL
  • XFree86-xf86cfg-0:4.1.0-86.EL
  • XFree86-xfs-0:4.1.0-86.EL
  • XFree86-xfs-0:4.3.0-126.EL
  • xorg-x11-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-doc-0:6.8.2-1.EL.33.0.2
  • xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
  • xorg-x11-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
  • xorg-x11-tools-0:6.8.2-1.EL.33.0.2
  • xorg-x11-twm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xfs-0:6.8.2-1.EL.33.0.2

Statements

contributorMark J Cox
lastmodified2007-10-08
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4568 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.

References