Vulnerabilities > CVE-2007-4990 - Numeric Errors vulnerability in X.Org X Font Server
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
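# ---------------------------------------------------------------------------
# Plugin record as listed on the page (listing metadata, not part of the script)
#   NASL family : SuSE Local Security Checks
#   NASL id     : SUSE_XORG-X11-4485.NASL
#   description : This update fixes the following issues : X Font Server build_range() Integer Overflow Vulnerability [IDEF2708] (CVE-2007-4989), X Font Server swap_char2b() Heap Overflow Vulnerability [IDEF2709] (CVE-2007-4990), Composite extension buffer overflow. (CVE-2007-4730)
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 29603
#   published   : 2007-12-13
#   reporter    : This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/29603
#   title       : SuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4485)
#   code        : follows
# ---------------------------------------------------------------------------
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#
# Purpose: local package audit for SuSE 10 (SLED10/SLES10 SP1). The script only
# reads knowledge-base items (Host/SuSE/rpm-list, Host/cpu, ...) and compares
# installed xorg-x11 package versions with the fixed build 6.9.0-50.52. It sends
# nothing to the font server, so a finding means "fixed package not installed",
# not "xfs is reachable or running".

include("compat.inc");

if (description)
{
  script_id(29603);
  script_version ("1.16");
  script_cvs_date("Date: 2019/10/25 13:36:31");

  # NOTE(review): the description and see_also entries below cite CVE-2007-4989
  # for the build_range() integer overflow, while this list carries CVE-2007-4568
  # and no CVE-2007-4989. The Red Hat advisory text on this page pairs
  # CVE-2007-4568 with CVE-2007-4990 for the xfs integer/heap overflows, so the
  # two ids presumably name the same issue -- confirm against the CVE records
  # before correlating findings by CVE id.
  script_cve_id("CVE-2007-4568", "CVE-2007-4730", "CVE-2007-4990");

  script_name(english:"SuSE 10 Security Update : X.org X11 (ZYPP Patch Number 4485)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes the following issues : X Font Server build_range() Integer Overflow Vulnerability [IDEF2708] (CVE-2007-4989), X Font Server swap_char2b() Heap Overflow Vulnerability [IDEF2709] (CVE-2007-4990), Composite extension buffer overflow. (CVE-2007-4730)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-4730.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-4989.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2007-4990.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4485.");

  # Same CVSS v2 base vector the page shows for CVE-2007-4990 (network, low
  # complexity, no authentication, partial C/I/A).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # The KB keys required below are presumably populated by ssh_get_info.nasl;
  # without them the plugin does not run.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, a SuSE release string, and a package list.
if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");

# Fix: the original guard read `cpu >!< "x86_64"`, i.e. it asked whether the
# reported architecture is a substring of the literal "x86_64", so any fragment
# of that literal slipped through the gate. The Oracle Linux and CentOS plugins
# on this page write the same test as `"x86_64" >!< cpu`; use that operand order
# here too so the literal is the needle and the KB value is the haystack.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

# rpm_check() comes from rpm.inc (not shown); it is presumably true when the
# installed package is older than `reference`. Each hit increments `flag`.
flag = 0;

# Fixed builds checked on SLED10 SP1, in the original order.
sled10_refs = make_list(
  "xorg-x11-6.9.0-50.52",
  "xorg-x11-Xnest-6.9.0-50.52",
  "xorg-x11-Xvfb-6.9.0-50.52",
  "xorg-x11-Xvnc-6.9.0-50.52",
  "xorg-x11-devel-6.9.0-50.52",
  "xorg-x11-fonts-100dpi-6.9.0-50.52",
  "xorg-x11-fonts-75dpi-6.9.0-50.52",
  "xorg-x11-fonts-cyrillic-6.9.0-50.52",
  "xorg-x11-fonts-scalable-6.9.0-50.52",
  "xorg-x11-fonts-syriac-6.9.0-50.52",
  "xorg-x11-libs-6.9.0-50.52",
  "xorg-x11-man-6.9.0-50.52",
  "xorg-x11-server-6.9.0-50.52",
  "xorg-x11-server-glx-6.9.0-50.52"
);

# Fixed builds checked on SLES10 SP1 (adds -doc and -sdk), in the original order.
sles10_refs = make_list(
  "xorg-x11-6.9.0-50.52",
  "xorg-x11-Xnest-6.9.0-50.52",
  "xorg-x11-Xvfb-6.9.0-50.52",
  "xorg-x11-Xvnc-6.9.0-50.52",
  "xorg-x11-devel-6.9.0-50.52",
  "xorg-x11-doc-6.9.0-50.52",
  "xorg-x11-fonts-100dpi-6.9.0-50.52",
  "xorg-x11-fonts-75dpi-6.9.0-50.52",
  "xorg-x11-fonts-cyrillic-6.9.0-50.52",
  "xorg-x11-fonts-scalable-6.9.0-50.52",
  "xorg-x11-fonts-syriac-6.9.0-50.52",
  "xorg-x11-libs-6.9.0-50.52",
  "xorg-x11-man-6.9.0-50.52",
  "xorg-x11-sdk-6.9.0-50.52",
  "xorg-x11-server-6.9.0-50.52",
  "xorg-x11-server-glx-6.9.0-50.52"
);

# 32-bit compatibility packages, only checked with cpu:"x86_64".
compat32_refs = make_list(
  "xorg-x11-devel-32bit-6.9.0-50.52",
  "xorg-x11-libs-32bit-6.9.0-50.52"
);

foreach ref (sled10_refs)
{
  if (rpm_check(release:"SLED10", sp:1, reference:ref)) flag++;
}
foreach ref (compat32_refs)
{
  if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:ref)) flag++;
}
foreach ref (sles10_refs)
{
  if (rpm_check(release:"SLES10", sp:1, reference:ref)) flag++;
}
foreach ref (compat32_refs)
{
  if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:ref)) flag++;
}

# Report on port 0 (host-level finding); attach the rpm report only when the
# scan's report verbosity asks for it.
if (!flag) exit(0, "The host is not affected.");
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}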
# ---------------------------------------------------------------------------
# Plugin record as listed on the page (listing metadata, not part of the script)
#   NASL family : Oracle Linux Local Security Checks
#   NASL id     : ORACLELINUX_ELSA-2008-0029.NASL
#   description : From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 67634
#   published   : 2013-07-12
#   reporter    : This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/67634
#   title       : Oracle Linux 3 : XFree86 (ELSA-2008-0029)
#   code        : follows
# ---------------------------------------------------------------------------
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0029 and
# Oracle Linux Security Advisory ELSA-2008-0029 respectively.
#
# Purpose: local package audit for Oracle Linux 3. The script reads only
# knowledge-base items and compares installed XFree86 package versions with the
# fixed build 4.3.0-125.EL.0.1; it does not contact the X server or xfs.

include("compat.inc");

if (description)
{
  script_id(67634);
  script_version("1.10");
  script_cvs_date("Date: 2019/10/25 13:36:07");

  # Seven CVEs are bundled under this one plugin; CVE-2007-4990 (xfs
  # swap_char2b heap corruption) is only one of them.
  script_cve_id("CVE-2007-4568", "CVE-2007-4990", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006");
  script_bugtraq_id(25898, 27350, 27351, 27352, 27353, 27355, 27356);
  script_xref(name:"RHSA", value:"2008:0029");

  script_name(english:"Oracle Linux 3 : XFree86 (ELSA-2008-0029)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2008-January/000493.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xfree86 packages."
  );

  # NOTE(review): this vector (AC:M, complete C/I/A) differs from the
  # AC:L / partial C/I/A rating the page shows for CVE-2007-4990 alone; it
  # presumably describes the bundle rather than any single CVE, so do not
  # read it as the score of the xfs issue.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189, 200, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-14-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-14-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-15-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-15-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-2-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-2-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-9-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-ISO8859-9-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Mesa-libGL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Mesa-libGLU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-base-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-cyrillic-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-font-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-libs-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-sdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-syriac-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-twm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xauth");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xdm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:XFree86-xfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown); the flow below relies on it ending
# the script with the given audit code.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");

# Oracle Linux stores its release string under the RedHat KB namespace.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");

# Capture group 1 is the release number (major, optionally ".minor").
ver_match = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = ver_match[1];

# Only release 3 (3, 3.x) is in scope; "30" and the like are rejected.
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);

# NOTE(review): ia64 passes this gate, yet every reference below is checked
# with cpu:"i386" or cpu:"x86_64" only -- whether an ia64 host can ever be
# flagged depends on rpm_check() in rpm.inc; confirm before relying on a clean
# result from such a host.
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

# Fixed builds, in the original order. Each one is checked for i386 first and
# then x86_64, exactly as the unrolled original did.
fixed_refs = make_list(
  "XFree86-4.3.0-125.EL.0.1",
  "XFree86-100dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-75dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-14-100dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-14-75dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-15-100dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-15-75dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-2-100dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-2-75dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-9-100dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-ISO8859-9-75dpi-fonts-4.3.0-125.EL.0.1",
  "XFree86-Mesa-libGL-4.3.0-125.EL.0.1",
  "XFree86-Mesa-libGLU-4.3.0-125.EL.0.1",
  "XFree86-Xnest-4.3.0-125.EL.0.1",
  "XFree86-Xvfb-4.3.0-125.EL.0.1",
  "XFree86-base-fonts-4.3.0-125.EL.0.1",
  "XFree86-cyrillic-fonts-4.3.0-125.EL.0.1",
  "XFree86-devel-4.3.0-125.EL.0.1",
  "XFree86-doc-4.3.0-125.EL.0.1",
  "XFree86-font-utils-4.3.0-125.EL.0.1",
  "XFree86-libs-4.3.0-125.EL.0.1",
  "XFree86-libs-data-4.3.0-125.EL.0.1",
  "XFree86-sdk-4.3.0-125.EL.0.1",
  "XFree86-syriac-fonts-4.3.0-125.EL.0.1",
  "XFree86-tools-4.3.0-125.EL.0.1",
  "XFree86-twm-4.3.0-125.EL.0.1",
  "XFree86-xauth-4.3.0-125.EL.0.1",
  "XFree86-xdm-4.3.0-125.EL.0.1",
  "XFree86-xfs-4.3.0-125.EL.0.1"
);

flag = 0;
foreach ref (fixed_refs)
{
  foreach arch (make_list("i386", "x86_64"))
  {
    if (rpm_check(release:"EL3", cpu:arch, reference:ref)) flag++;
  }
}

if (!flag)
{
  # Nothing flagged: distinguish "packages present and current" from
  # "none of the packages is installed" in the audit trail.
  checked_pkgs = pkg_tests_get();
  if (checked_pkgs) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc");
}
else
{
  # Host-level finding (port 0); the rpm report is attached only when the
  # scan's report verbosity asks for it.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
# ---------------------------------------------------------------------------
# Plugin record as listed on the page (listing metadata, not part of the script)
#   NASL family : CentOS Local Security Checks
#   NASL id     : CENTOS_RHSA-2008-0029.NASL
#   description : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
#   last seen   : 2020-06-01
#   modified    : 2020-06-02
#   plugin id   : 30022
#   published   : 2008-01-21
#   reporter    : This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/30022
#   title       : CentOS 3 : XFree86 (CESA-2008:0029)
#   code        : follows
# ---------------------------------------------------------------------------
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0029 and
# CentOS Errata and Security Advisory 2008:0029 respectively.
#
# Purpose: local package audit for CentOS 3. The script reads only
# knowledge-base items and compares installed XFree86 package versions with the
# fixed build 4.3.0-126.EL; it does not contact the X server or xfs.

include("compat.inc");

if (description)
{
  script_id(30022);
  script_version("1.20");
  script_cvs_date("Date: 2019/10/25 13:36:04");

  # Seven CVEs are bundled under this one plugin; CVE-2007-4990 (xfs
  # swap_char2b heap corruption) is only one of them.
  script_cve_id("CVE-2007-4568", "CVE-2007-4990", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006");
  script_bugtraq_id(25898, 27350, 27351, 27352, 27353, 27355, 27356);
  script_xref(name:"RHSA", value:"2008:0029");

  script_name(english:"CentOS 3 : XFree86 (CESA-2008:0029)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-January/014633.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5c6660a5"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-January/014634.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d69d77b9"
  );
  # https://lists.centos.org/pipermail/centos-announce/2008-January/014641.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?041fffa2"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected xfree86 packages."
  );

  # NOTE(review): this vector (AC:M, complete C/I/A) differs from the
  # AC:L / partial C/I/A rating the page shows for CVE-2007-4990 alone; it
  # presumably describes the bundle rather than any single CVE, so do not
  # read it as the score of the xfs issue.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189, 200, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGLU");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-base-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-cyrillic-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-font-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-sdk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-syriac-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-truetype-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-twm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xauth");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xdm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown); the flow below relies on it ending
# the script with the given audit code.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");

# Capture group 1 is the major release number.
ver_match = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = ver_match[1];

# Only release 3 is in scope; "30" and the like are rejected.
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# Fixed builds, in the original order. Unlike the Oracle Linux plugin on this
# page, no cpu: argument is passed to rpm_check() here.
fixed_refs = make_list(
  "XFree86-4.3.0-126.EL",
  "XFree86-100dpi-fonts-4.3.0-126.EL",
  "XFree86-75dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-14-100dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-14-75dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-15-100dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-15-75dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-2-100dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-2-75dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-9-100dpi-fonts-4.3.0-126.EL",
  "XFree86-ISO8859-9-75dpi-fonts-4.3.0-126.EL",
  "XFree86-Mesa-libGL-4.3.0-126.EL",
  "XFree86-Mesa-libGLU-4.3.0-126.EL",
  "XFree86-Xnest-4.3.0-126.EL",
  "XFree86-Xvfb-4.3.0-126.EL",
  "XFree86-base-fonts-4.3.0-126.EL",
  "XFree86-cyrillic-fonts-4.3.0-126.EL",
  "XFree86-devel-4.3.0-126.EL",
  "XFree86-doc-4.3.0-126.EL",
  "XFree86-font-utils-4.3.0-126.EL",
  "XFree86-libs-4.3.0-126.EL",
  "XFree86-libs-data-4.3.0-126.EL",
  "XFree86-sdk-4.3.0-126.EL",
  "XFree86-syriac-fonts-4.3.0-126.EL",
  "XFree86-tools-4.3.0-126.EL",
  "XFree86-truetype-fonts-4.3.0-126.EL",
  "XFree86-twm-4.3.0-126.EL",
  "XFree86-xauth-4.3.0-126.EL",
  "XFree86-xdm-4.3.0-126.EL",
  "XFree86-xfs-4.3.0-126.EL"
);

flag = 0;
foreach ref (fixed_refs)
{
  if (rpm_check(release:"CentOS-3", reference:ref)) flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "packages present and current" from
  # "none of the packages is installed" in the audit trail.
  checked_pkgs = pkg_tests_get();
  if (checked_pkgs) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked_pkgs);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc");
}
else
{
  # Host-level finding (port 0) with the rpm report always attached.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-002.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 31605 published 2008-03-19 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31605 title Mac OS X Multiple Vulnerabilities (Security Update 2008-002) code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: report a Mac OS X host whose collected package data carries no
# record of Security Update 2008-002 (or a later update on the Darwin 8.x
# branch). The script reads knowledge-base items only; it does not probe the
# X Font Server or any other bundled component directly.

# Engine gates: stop silently when the interpreter does not define
# bn_random() or reports a NASL_LEVEL below 3004.
if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3004) exit(0);

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and exits before any check runs.
if (description)
{
  script_id(31605);
  script_version ("1.38");
  script_cvs_date("Date: 2018/07/14 1:59:35");

  # One plugin covers every CVE fixed by the update bundle; CVE-2007-4990
  # (xfs swap_char2b) is a single entry among them.
  script_cve_id("CVE-2005-3352", "CVE-2005-4077", "CVE-2006-3334", "CVE-2006-3747", "CVE-2006-5793", "CVE-2006-6481", "CVE-2007-0897", "CVE-2007-0898", "CVE-2007-1659", "CVE-2007-1660", "CVE-2007-1661", "CVE-2007-1662", "CVE-2007-1745", "CVE-2007-1997", "CVE-2007-2445", "CVE-2007-2799", "CVE-2007-3378", "CVE-2007-3725", "CVE-2007-3799", "CVE-2007-3847", "CVE-2007-4510", "CVE-2007-4560", "CVE-2007-4568", "CVE-2007-4752", "CVE-2007-4766", "CVE-2007-4767", "CVE-2007-4768", "CVE-2007-4887", "CVE-2007-4990", "CVE-2007-5000", "CVE-2007-5266", "CVE-2007-5267", "CVE-2007-5268", "CVE-2007-5269", "CVE-2007-5795", "CVE-2007-5901", "CVE-2007-5958", "CVE-2007-5971", "CVE-2007-6109", "CVE-2007-6203", "CVE-2007-6335", "CVE-2007-6336", "CVE-2007-6337", "CVE-2007-6388", "CVE-2007-6421", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0005", "CVE-2008-0006", "CVE-2008-0044", "CVE-2008-0045", "CVE-2008-0046", "CVE-2008-0047", "CVE-2008-0048", "CVE-2008-0049", "CVE-2008-0050", "CVE-2008-0051", "CVE-2008-0052", "CVE-2008-0053", "CVE-2008-0054", "CVE-2008-0055", "CVE-2008-0056", "CVE-2008-0057", "CVE-2008-0058", "CVE-2008-0059", "CVE-2008-0060", "CVE-2008-0062", "CVE-2008-0063", "CVE-2008-0318", "CVE-2008-0596", "CVE-2008-0728", "CVE-2008-0882", "CVE-2008-0987", "CVE-2008-0988", "CVE-2008-0989", "CVE-2008-0990", "CVE-2008-0992", "CVE-2008-0993", "CVE-2008-0994", "CVE-2008-0995", "CVE-2008-0996", "CVE-2008-0997", "CVE-2008-0998", "CVE-2008-0999", "CVE-2008-1000");
  # 28371 appears twice in this list as published.
  script_bugtraq_id(19204, 21078, 24268, 25398, 25439, 25489, 25498, 26346, 26750, 26838, 26927, 26946, 27234, 27236, 27751, 27988, 28278, 28303, 28304, 28307, 28320, 28323, 28334, 28339, 28340, 28341, 28343, 28344, 28345, 28357, 28358, 28359, 28363, 28364, 28365, 28367, 28368, 28371, 28371, 28372, 28374, 28375, 28384, 28385, 28386, 28387, 28388, 28389);

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2008-002)");
  script_summary(english:"Check for the presence of Security Update 2008-002");

  script_set_attribute(attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." );
  script_set_attribute(attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs." );
  script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307562" );
  script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" );
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/14242" );
  script_set_attribute(attribute:"solution", value: "Install Security Update 2008-002 or later." );

  # The CVSS vectors and exploit-availability attributes below are set once
  # for the whole plugin, so they describe the bundle rather than any single
  # CVE. The Metasploit module named here is a ClamAV Milter one; nothing in
  # this script attributes a public exploit to CVE-2007-4990 specifically.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'ClamAV Milter Blackhole-Mode Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(20, 22, 78, 79, 94, 119, 134, 189, 200, 255, 264, 362, 399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/03/19");
  script_set_attribute(attribute:"patch_publication_date", value: "2007/08/24");
  script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/02");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  # Both inputs are knowledge-base items; ssh_get_info.nasl is declared as
  # the dependency (presumably the script that collects them - confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}

# Every exit(0) below ends the script without emitting a result, so the
# absence of a finding is not by itself evidence that the update is installed.
uname = get_kb_item("Host/uname");
if (!uname) exit(0);

# Darwin 8.0 - 8.11 kernels (presumably the 10.4 line named in the
# description): report unless the package list holds a SecUpd / SecUpdSrvr
# entry numbered 2008-002 to 2008-008, any 2009 entry, or any 2010-2099 entry.
if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages");
  if (!packages) exit(0);

  if (!egrep(pattern:"^SecUpd(Srvr)?(2008-00[2-8]|2009-|20[1-9][0-9]-)", string:packages))
    security_hole(0);
}
# Darwin 9.0 - 9.2 kernels (presumably the 10.5 line): only the 2008.002 bom
# entry is accepted. Later 9.x kernels match neither branch and are not
# evaluated. The boms key read here is not listed in script_require_keys.
else if (egrep(pattern:"Darwin.* (9\.[0-2]\.)", string:uname))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(0);

  if (!egrep(pattern:"^com\.apple\.pkg\.update\.security\.2008\.002\.bom", string:packages))
    security_hole(0);
}
NASL family Scientific Linux Local Security Checks NASL id SL_20080118_XFREE86_ON_SL3.NASL description Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 60349 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60349 title Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64 code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

# Purpose: local package check for Scientific Linux 3.x. It compares the
# host's collected rpm list against XFree86 4.3.0-125.EL for thirty XFree86
# packages and reports when at least one comparison is flagged.

include("compat.inc");

# Registration pass: when `description` is set the script only declares its
# metadata and exits before any check runs.
if (description)
{
  script_id(60349);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:17");

  # The xfs issues (CVE-2007-4568, CVE-2007-4990) are grouped with five
  # XFree86 server CVEs fixed by the same package update.
  script_cve_id("CVE-2007-4568", "CVE-2007-4990", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006");

  script_name(english:"Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." );
  script_set_attribute( attribute:"description", value: "Two integer overflow flaws were found in the XFree86 server's EVI and MIT-SHM modules. A malicious authorized client could exploit these issues to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6429) A heap based buffer overflow flaw was found in the way the XFree86 server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the XFree86 server. (CVE-2008-0006) A memory corruption flaw was found in the XFree86 server's XInput extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-6427) An information disclosure flaw was found in the XFree86 server's TOG-CUP extension. A malicious authorized client could exploit this issue to cause a denial of service (crash), or potentially view arbitrary memory content within the XFree86 server's address space. (CVE-2007-6428) An integer and heap overflow flaw were found in the X.org font server, xfs. A user with the ability to connect to the font server could have been able to cause a denial of service (crash), or potentially execute arbitrary code with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) A flaw was found in the XFree86 server's XC-SECURITY extension, that could have allowed a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user. (CVE-2007-5958)" );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=1352
  script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0f0a0b59" );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # The CVSS vector and exploit-availability attributes are set once for the
  # plugin, so they describe the group of seven CVEs rather than
  # CVE-2007-4990 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119, 189, 200, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  # All inputs are knowledge-base items; ssh_get_info.nasl is declared as the
  # dependency (presumably the script that collects them - confirm).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions. Each audit() call names why the host is being skipped; a
# skipped host has not been shown to be patched.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# NOTE(review): the operands of >!< are in the opposite order to the CentOS 3
# check on this page ("x86_64" >!< cpu); as written, this asks whether cpu
# does not occur inside the literal "x86_64" - confirm that is intended.
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# One rpm_check() per package; rpm_check() comes from rpm.inc and presumably
# returns true when the installed package is older than the reference.
# This check uses 4.3.0-125.EL, while the CentOS 3 check on this page uses
# 4.3.0-126.EL. All thirty XFree86 packages are compared, so a finding may
# come from a package other than XFree86-xfs; the report text is what
# identifies the packages involved.
flag = 0;
if (rpm_check(release:"SL3", reference:"XFree86-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-100dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-75dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-Mesa-libGL-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-Mesa-libGLU-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-Xnest-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-Xvfb-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-base-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-cyrillic-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-devel-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-doc-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-font-utils-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-libs-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-libs-data-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-sdk-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-syriac-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-tools-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-truetype-fonts-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-twm-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-xauth-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-xdm-4.3.0-125.EL")) flag++;
if (rpm_check(release:"SL3", reference:"XFree86-xfs-4.3.0-125.EL")) flag++;

# Report on port 0; the rpm report text is attached only when
# report_verbosity is above zero.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_37225.NASL description s700_800 11.23 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 30046 published 2008-01-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30046 title HP-UX PHSS_37225 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1) NASL family Scientific Linux Local Security Checks NASL id SL_20080117_XORG_X11_ON_SL4_X.NASL description Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 60347 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60347 title Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-210.NASL description Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. (CVE-2007-4568) The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. (CVE-2007-4990) Updated package fixes these issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 27817 published 2007-11-07 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27817 title Mandrake Linux Security Advisory : xfs (MDKSA-2007:210) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_37224.NASL description s700_800 11.11 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 30045 published 2008-01-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30045 title HP-UX PHSS_37224 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0030.NASL description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 30002 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/30002 title RHEL 4 : xorg-x11 (RHSA-2008:0030) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_37226.NASL description s700_800 11.31 X Font Server Patch : A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 30047 published 2008-01-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30047 title HP-UX PHSS_37226 : HP-UX Running X Font Server (xfs) Software, Remote Execution of Arbitrary Code (HPSBUX02303 SSRT071468 rev.1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0030.NASL description From Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 67635 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/67635 title Oracle Linux 4 : xorg-x11 (ELSA-2008-0030) NASL family Fedora Local Security Checks NASL id FEDORA_2007-4263.NASL description - Bug #373261 - CVE-2007-4568 xfs integer overflow in the build_range function [f7] - Bug #373331 - CVE-2007-4990 xfs heap overflow in the swap_char2b function [f7] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29278 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29278 title Fedora 7 : xorg-x11-xfs-1.0.5-1.fc7 (2007-4263) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200710-11.NASL description The remote host is affected by the vulnerability described in GLSA-200710-11 (X Font Server: Multiple Vulnerabilities) iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file (CVE-2007-3103). Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling last seen 2020-06-01 modified 2020-06-02 plugin id 27046 published 2007-10-15 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27046 title GLSA-200710-11 : X Font Server: Multiple Vulnerabilities NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0030.NASL description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. 
[Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 43667 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43667 title CentOS 4 : xorg-x11 (CESA-2008:0030) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0029.NASL description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 30001 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30001 title RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029)
Oval
accepted | 2013-04-29T04:14:53.412-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. |
family | unix |
id | oval:org.mitre.oval:def:11599 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. |
version | 26 |
Redhat
advisories | |
rpms | |
Statements
contributor | Mark J Cox |
lastmodified | 2007-10-08 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4990 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. (Note: this statement was last modified on 2007-10-08 and predates the RHSA-2008-0029 and RHSA-2008-0030 errata listed under References.) |
References
- http://bugs.freedesktop.org/show_bug.cgi?id=12299
- http://bugs.gentoo.org/show_bug.cgi?id=194606
- http://docs.info.apple.com/article.html?artnum=307562
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
- http://secunia.com/advisories/27040
- http://secunia.com/advisories/27052
- http://secunia.com/advisories/27060
- http://secunia.com/advisories/27176
- http://secunia.com/advisories/27228
- http://secunia.com/advisories/27240
- http://secunia.com/advisories/27560
- http://secunia.com/advisories/28004
- http://secunia.com/advisories/28514
- http://secunia.com/advisories/28536
- http://secunia.com/advisories/28542
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200710-11.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
- http://www.novell.com/linux/security/advisories/2007_54_xorg.html
- http://www.redhat.com/support/errata/RHSA-2008-0029.html
- http://www.redhat.com/support/errata/RHSA-2008-0030.html
- http://www.securityfocus.com/archive/1/481432/100/0/threaded
- http://www.securityfocus.com/bid/25898
- http://www.securitytracker.com/id?1018763
- http://www.vupen.com/english/advisories/2007/3337
- http://www.vupen.com/english/advisories/2007/3338
- http://www.vupen.com/english/advisories/2007/3467
- http://www.vupen.com/english/advisories/2008/0149
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
- https://issues.rpath.com/browse/RPL-1756
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html