CVE-2007-5958 - Information Exposure vulnerability in X.Org Xserver

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, x-org, CWE-200, nessus, exploit available

Summary

X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

Vulnerable Configurations

Part          Description   Count
Application   X.Org         1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets a predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Exploit-Db

description: X.Org xorg-server. CVE-2007-5958. Dos exploits for multiple platform
file: exploits/multiple/dos/5152.sh
id: EDB-ID:5152
last seen: 2016-01-31
modified: 2008-02-19
platform: multiple
port:
published: 2008-02-19
reporter: vl4dZ
source: https://www.exploit-db.com/download/5152/
title: X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
type: dos

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XORG-X11-LIBS-4860.NASL
    description: This update fixes various Xserver security issues. File existence disclosure vulnerability. (CVE-2007-5958) XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30041
    published: 2008-01-21
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/30041
    title: SuSE 10 Security Update : X11 libs and server (ZYPP Patch Number 4860)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30041);
      script_version ("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429");
    
      script_name(english:"SuSE 10 Security Update : X11 libs and server (ZYPP Patch Number 4860)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes various Xserver security issues. File existence
    disclosure vulnerability. (CVE-2007-5958)
    
    XInput Extension Memory Corruption Vulnerability [IDEF2888
    CVE-2007-6427].
    
    TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901
    CVE-2007-6428].
    
    EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429].
    
    MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904
    CVE-2007-6429]. 
    
    XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903
    CVE-2007-5760]. 
    
    PCF font parser vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5760.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-5958.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6427.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6428.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2007-6429.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 4860.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 200, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, reference:"xorg-x11-libs-6.9.0-50.54.5")) flag++;
    if (rpm_check(release:"SLED10", sp:1, reference:"xorg-x11-server-6.9.0-50.54.5")) flag++;
    if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"xorg-x11-libs-32bit-6.9.0-50.54.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"xorg-x11-libs-6.9.0-50.54.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, reference:"xorg-x11-server-6.9.0-50.54.5")) flag++;
    if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"xorg-x11-libs-32bit-6.9.0-50.54.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHSS_37972.NASL
    description: s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34737
    published: 2008-11-11
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34737
    title: HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_37972. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34737);
      script_version("1.17");
      script_cvs_date("Date: 2019/07/10 16:04:14");
    
      script_cve_id("CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6429", "CVE-2008-0006", "CVE-2008-1377", "CVE-2008-1379");
      script_bugtraq_id(27350, 27351, 27352, 27353, 27356, 29666, 29669);
      script_xref(name:"HP", value:"emr_na-c01543321");
      script_xref(name:"HP", value:"HPSBUX02381");
      script_xref(name:"HP", value:"SSRT080083");
    
      script_name(english:"HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.23 Xserver cumulative patch : 
    
    Potential security vulnerabilities have been identified with HP-UX
    running Xserver. The vulnerabilities could be exploited remotely to
    execute arbitrary code."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a1fab10d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_37972 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(119, 189, 200, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.23"))
    {
      exit(0, "The host is not affected since PHSS_37972 applies to a different OS release.");
    }
    
    patches = make_list("PHSS_37972", "PHSS_39257", "PHSS_40810", "PHSS_41260");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"Xserver.AGRM", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-ADVANCED", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-ENTRY", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-LOAD", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-SAM", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-SLS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-UTILS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.OEM-SERVER", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.OEM-SERVER-PA", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.X11-SERV", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.X11-SERV-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DBE", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DBE-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DPMS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DPMS-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-HPCR", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-HPCR-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-MBX", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-RECORD", version:"B.11.23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-025.NASL
    description: An input validation flaw was found in the X.org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37710
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37710
    title: Mandriva Linux Security Advisory : x11-server-xgl (MDVSA-2008:025)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:025. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37710);
      script_version ("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429");
      script_bugtraq_id(27350, 27351, 27353, 27354, 27355, 27356);
      script_xref(name:"MDVSA", value:"2008:025");
    
      script_name(english:"Mandriva Linux Security Advisory : x11-server-xgl (MDVSA-2008:025)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandriva Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An input validation flaw was found in the X.org server's XFree86-Misc
    extension that could allow a malicious authorized client to cause a
    denial of service (crash), or potentially execute arbitrary code with
    root privileges on the X.org server (CVE-2007-5760).
    
    A flaw was found in the X.org server's XC-SECURITY extension that
    could allow a local user to verify the existence of an arbitrary file,
    even in directories that are not normally accessible to that user
    (CVE-2007-5958).
    
    A memory corruption flaw was found in the X.org server's XInput
    extension that could allow a malicious authorized client to cause a
    denial of service (crash) or potentially execute arbitrary code with
    root privileges on the X.org server (CVE-2007-6427).
    
    An information disclosure flaw was found in the X.org server's TOG-CUP
    extension that could allow a malicious authorized client to cause a
    denial of service (crash) or potentially view arbitrary memory content
    within the X.org server's address space (CVE-2007-6428).
    
    Two integer overflow flaws were found in the X.org server's EVI and
    MIT-SHM modules that could allow a malicious authorized client to
    cause a denial of service (crash) or potentially execute arbitrary
    code with the privileges of the X.org server (CVE-2007-6429).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected x11-server-xgl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 200, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xgl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xgl-0.0.1-0.20060714.11.3mdv2007.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xgl-0.0.1-0.20070105.4.3mdv2007.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xgl-0.0.1-0.20070917.2.1mdv2008.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080117_XORG_X11_SERVER_ON_SL5_X.NASL
    description: Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60348
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60348
    title: Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60348);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429");
    
      script_name(english:"Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two integer overflow flaws were found in the X.Org server's EVI and
    MIT-SHM modules. A malicious authorized client could exploit these
    issues to cause a denial of service (crash), or potentially execute
    arbitrary code with root privileges on the X.Org server.
    (CVE-2007-6429)
    
    A memory corruption flaw was found in the X.Org server's XInput
    extension. A malicious authorized client could exploit this issue to
    cause a denial of service (crash), or potentially execute arbitrary
    code with root privileges on the X.Org server. (CVE-2007-6427)
    
    An input validation flaw was found in the X.Org server's XFree86-Misc
    extension. A malicious authorized client could exploit this issue to
    cause a denial of service (crash), or potentially execute arbitrary
    code with root privileges on the X.Org server. (CVE-2007-5760)
    
    An information disclosure flaw was found in the X.Org server's TOG-CUP
    extension. A malicious authorized client could exploit this issue to
    cause a denial of service (crash), or potentially view arbitrary
    memory content within the X server's address space. (CVE-2007-6428)
    
    A flaw was found in the X.Org server's XC-SECURITY extension, that
    could have allowed a local user to verify the existence of an
    arbitrary file, even in directories that are not normally accessible
    to that user. (CVE-2007-5958)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0801&L=scientific-linux-errata&T=0&P=1227
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ce21d06a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189, 200, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"xorg-x11-server-Xdmx-1.1.1-48.26.el5_1.4")) flag++;
    if (rpm_check(release:"SL5", reference:"xorg-x11-server-Xephyr-1.1.1-48.26.el5_1.4")) flag++;
    if (rpm_check(release:"SL5", reference:"xorg-x11-server-Xnest-1.1.1-48.26.el5_1.4")) flag++;
    if (rpm_check(release:"SL5", reference:"xorg-x11-server-Xorg-1.1.1-48.26.el5_1.4")) flag++;
    if (rpm_check(release:"SL5", reference:"xorg-x11-server-Xvfb-1.1.1-48.26.el5_1.4")) flag++;
    if (rpm_check(release:"SL5", reference:"xorg-x11-server-sdk-1.1.1-48.26.el5_1.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2008-023.NASL
    description: An input validation flaw was found in the X.org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37567
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37567
    title: Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2008:023. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37567);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:50");
    
      script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006");
      script_xref(name:"MDVSA", value:"2008:023");
    
      script_name(english:"Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An input validation flaw was found in the X.org server's XFree86-Misc
    extension that could allow a malicious authorized client to cause a
    denial of service (crash), or potentially execute arbitrary code with
    root privileges on the X.org server (CVE-2007-5760).
    
    A flaw was found in the X.org server's XC-SECURITY extension that
    could allow a local user to verify the existence of an arbitrary file,
    even in directories that are not normally accessible to that user
    (CVE-2007-5958).
    
    A memory corruption flaw was found in the X.org server's XInput
    extension that could allow a malicious authorized client to cause a
    denial of service (crash) or potentially execute arbitrary code with
    root privileges on the X.org server (CVE-2007-6427).
    
    An information disclosure flaw was found in the X.org server's TOG-CUP
    extension that could allow a malicious authorized client to cause a
    denial of service (crash) or potentially view arbitrary memory content
    within the X.org server's address space (CVE-2007-6428).
    
    Two integer overflow flaws were found in the X.org server's EVI and
    MIT-SHM modules that could allow a malicious authorized client to
    cause a denial of service (crash) or potentially execute arbitrary
    code with the privileges of the X.org server (CVE-2007-6429).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(119, 189, 200, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xati");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xchips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xephyr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xepson");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfake");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfbdev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xi810");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmach64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xneomagic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnvidia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xorg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xpm2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xprt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xr128");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsdl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvesa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvia");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvnc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-common-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-devel-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xati-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xchips-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xdmx-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xephyr-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xepson-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xfake-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xfbdev-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xi810-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xmach64-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xmga-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xneomagic-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xnest-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xnvidia-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xorg-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xpm2-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xprt-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xr128-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xsdl-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xsmi-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xvesa-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"x11-server-xvfb-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xvia-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-common-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-devel-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xati-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xchips-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xdmx-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xephyr-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xepson-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfake-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfbdev-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xi810-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmach64-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmga-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xneomagic-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xnest-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xnvidia-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xorg-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xpm2-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xprt-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xr128-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xsdl-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xsmi-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvesa-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvfb-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvia-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvnc-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++;
    
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-common-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-devel-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xati-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xchips-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xdmx-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xephyr-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xepson-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xfake-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xfbdev-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xi810-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xmach64-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xmga-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xneomagic-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xnest-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xnvidia-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xorg-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xpm2-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xr128-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xsdl-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xsmi-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xvesa-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xvfb-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xvia-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2008.0", reference:"x11-server-xvnc-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_X86_118908.NASL
    description: X11 6.7.0_x86: Xorg patch. Date this patch was last updated by Sun : Sep/23/08
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 23609
    published: 2006-11-06
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/23609
    title: Solaris 9 (x86) : 118908-06
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719-54.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Oct/13/14
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107436
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107436
    title: Solaris 10 (sparc) : 125719-54
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-0760.NASL
    description: CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30073
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30073
    title: Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719-56.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/12/15
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107438
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107438
    title: Solaris 10 (sparc) : 125719-56
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0029.NASL
    description: From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67634
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67634
    title: Oracle Linux 3 : XFree86 (ELSA-2008-0029)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XGL-5100.NASL
    description: This update fixes several integer overflows in Xgl. (CVE-2007-6429 / CVE-2007-1003 / CVE-2007-5958 / CVE-2007-6427 / CVE-2007-6428 / CVE-2007-6429 / CVE-2008-0006)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31780
    published: 2008-04-04
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31780
    title: SuSE 10 Security Update : Xgl (ZYPP Patch Number 5100)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719-60.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/04/19
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 130509
    published: 2019-11-05
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/130509
    title: Solaris 10 (sparc) : 125719-60
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-0831.NASL
    description: CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30076
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30076
    title: Fedora 7 : xorg-x11-server-1.3.0.0-15.fc7 (2008-0831)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0029.NASL
    description: Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30022
    published: 2008-01-21
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30022
    title: CentOS 3 : XFree86 (CESA-2008:0029)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719-55.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Jul/13/15
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107437
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107437
    title: Solaris 10 (sparc) : 125719-55
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0031.NASL
    description: Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43668
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43668
    title: CentOS 5 : xorg-x11-server (CESA-2008:0031)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719-42.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/28/11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107435
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107435
    title: Solaris 10 (sparc) : 125719-42
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2008-002.NASL
    description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31605
    published: 2008-03-19
    reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31605
    title: Mac OS X Multiple Vulnerabilities (Security Update 2008-002)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12043.NASL
    description: This update fixes various Xserver security issues. - File existence disclosure vulnerability. (CVE-2007-5958) - XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. - TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. - EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. - MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. - XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. - PCF font parser vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41183
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41183
    title: SuSE9 Security Update : XFree86-Xnest (YOU Patch Number 12043)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080118_XFREE86_ON_SL3.NASL
    description: Two integer overflow flaws were found in the XFree86 server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60349
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60349
    title: Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719-57.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Mar/09/17
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107439
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107439
    title: Solaris 10 (sparc) : 125719-57
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-571-2.NASL
    description: USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem. We apologize for the inconvenience. Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30042
    published: 2008-01-21
    reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30042
    title: Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0031.NASL
    description: From Red Hat Security Advisory 2008:0031 : Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67636
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67636
    title: Oracle Linux 5 : xorg-x11-server (ELSA-2008-0031)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XORG-X11-XNEST-4875.NASL
    description: This update fixes various Xserver security issues. File existence disclosure vulnerability. (CVE-2007-5958) XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30040
    published: 2008-01-21
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/30040
    title: SuSE 10 Security Update : xorg-x11-Xnest (ZYPP Patch Number 4875)
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHSS_38840.NASL
    description: s700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34738
    published: 2008-11-11
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34738
    title: HP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080117_XORG_X11_ON_SL4_X.NASL
    description: Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60347
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60347
    title: Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_125719.NASL
    description: X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 125719 patch-revision plugins, or deemed non-security related.
    last seen: 2019-02-21
    modified: 2018-07-30
    plugin id: 26989
    published: 2007-10-12
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=26989
    title: Solaris 10 (sparc) : 125719-58 (deprecated)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0031.NASL
    description: Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30003
    published: 2008-01-18
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30003
    title: RHEL 5 : xorg-x11-server (RHSA-2008:0031)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0030.NASL
    description: Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30002
    published: 2008-01-18
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30002
    title: RHEL 4 : xorg-x11 (RHSA-2008:0030)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0030.NASL
    description: From Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67635
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67635
    title: Oracle Linux 4 : xorg-x11 (ELSA-2008-0030)
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHSS_34392.NASL
    description: s700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34736
    published: 2008-11-11
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34736
    title: HP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0030.NASL
    description: Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43667
    published: 2010-01-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43667
    title: CentOS 4 : xorg-x11 (CESA-2008:0030)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0029.NASL
    description: Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30001
    published: 2008-01-18
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30001
    title: RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_FE2B6597C9A411DC8DA80008A18A9961.NASL
    description: Matthieu Herrb of X.Org reports : Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30088
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30088
    title: FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XORG-X11-XNEST-4859.NASL
    description: This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30017
    published: 2008-01-18
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/30017
    title: openSUSE 10 Security Update : xorg-x11-Xnest (xorg-x11-Xnest-4859)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_XGL-5099.NASL
    description: This update fixes several integer overflows in Xgl (CVE-2007-6429, CVE-2007-1003, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31779
    published: 2008-04-04
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31779
    title: openSUSE 10 Security Update : xgl (xgl-5099)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1466.NASL
    description: The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (sarge) in addition to the fixed packages for Debian stable (etch), which were provided in DSA 1466-2. For reference the original advisory text below : Several local vulnerabilities have been discovered in the X.Org X server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5760
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30059
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30059
    title: Debian DSA-1466-1 : xorg-server - several vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12040.NASL
    description: This update fixes various Xserver security issues. - File existence disclosure vulnerability. (CVE-2007-5958) - XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. - TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. - EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. - MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. - XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. - PCF font parser vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41182
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41182
    title: SuSE9 Security Update : XFree86-libs (YOU Patch Number 12040)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200801-09.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200801-09 (X.Org X server and Xfont library: Multiple vulnerabilities) regenrecht reported multiple vulnerabilities in various X server extension via iDefense: The XFree86-Misc extension does not properly sanitize a parameter within a PassMessage request, allowing the modification of a function pointer (CVE-2007-5760). Multiple functions in the XInput extension do not properly sanitize client requests for swapping bytes, leading to corruption of heap memory (CVE-2007-6427). Integer overflow vulnerabilities in the EVI extension and in the MIT-SHM extension can lead to buffer overflows (CVE-2007-6429). The TOG-CUP extension does not sanitize an index value in the ProcGetReservedColormapEntries() function, leading to arbitrary memory access (CVE-2007-6428). A buffer overflow was discovered in the Xfont library when processing PCF font files (CVE-2008-0006). The X server does not enforce restrictions when a user specifies a security policy file and attempts to open it (CVE-2007-5958). Impact : Remote attackers could exploit the vulnerability in the Xfont library by enticing a user to load a specially crafted PCF font file resulting in the execution of arbitrary code with the privileges of the user running the X server, typically root. Local attackers could exploit this and the vulnerabilities in the X.org extensions to gain elevated privileges. If the X server allows connections from the network, these vulnerabilities could be exploited remotely. A local attacker could determine the existence of arbitrary files by exploiting the last vulnerability or possibly cause a Denial of Service. Workaround : Workarounds for some of the vulnerabilities can be found in the X.Org security advisory as listed under References.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30033
    published: 2008-01-21
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30033
    title: GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-571-1.NASL
    description: Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30019
    published: 2008-01-18
    reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/30019
    title: Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)

Oval

  • accepted: 2013-04-29T04:10:31.561-04:00
    class: vulnerability
    contributors
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
      oval: oval:org.mitre.oval:def:11414
    • comment: The operating system installed on the system is CentOS Linux 5.x
      oval: oval:org.mitre.oval:def:15802
    • comment: Oracle Linux 5.x
      oval: oval:org.mitre.oval:def:15459
    description: X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
    family: unix
    id: oval:org.mitre.oval:def:10991
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
    version: 27
  • accepted: 2008-03-24T04:00:46.668-04:00
    class: vulnerability
    contributors
    name: Pai Peng
    organization: Hewlett-Packard
    definition_extensions
    • comment: Solaris 8 (SPARC) is installed
      oval: oval:org.mitre.oval:def:1539
    • comment: Solaris 9 (SPARC) is installed
      oval: oval:org.mitre.oval:def:1457
    • comment: Solaris 10 (SPARC) is installed
      oval: oval:org.mitre.oval:def:1440
    • comment: Solaris 8 (x86) is installed
      oval: oval:org.mitre.oval:def:2059
    • comment: Solaris 9 (x86) is installed
      oval: oval:org.mitre.oval:def:1683
    • comment: Solaris 10 (x86) is installed
      oval: oval:org.mitre.oval:def:1926
    description: X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
    family: unix
    id: oval:org.mitre.oval:def:5393
    status: accepted
    submitted: 2008-02-12T08:48:34.000-05:00
    title: Security Vulnerability in the Solaris X Server May Lead to Unauthorized Disclosure of Information on Access Restricted Files and Directories
    version: 35

Packetstorm

data source: https://packetstormsecurity.com/files/download/63817/xorg-disclose.txt
id: PACKETSTORM:63817
last seen: 2016-12-05
published: 2008-02-20
reporter: vl4dZ
source: https://packetstormsecurity.com/files/63817/xorg-disclose.txt.html
title: xorg-disclose.txt

Redhat

advisories
  • rhsa
    id: RHSA-2008:0029
  • rhsa
    id: RHSA-2008:0030
  • rhsa
    id: RHSA-2008:0031
rpms
  • XFree86-0:4.1.0-86.EL
  • XFree86-0:4.3.0-126.EL
  • XFree86-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-126.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-86.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-126.EL
  • XFree86-Mesa-libGL-0:4.3.0-126.EL
  • XFree86-Mesa-libGLU-0:4.3.0-126.EL
  • XFree86-Xnest-0:4.1.0-86.EL
  • XFree86-Xnest-0:4.3.0-126.EL
  • XFree86-Xvfb-0:4.1.0-86.EL
  • XFree86-Xvfb-0:4.3.0-126.EL
  • XFree86-base-fonts-0:4.3.0-126.EL
  • XFree86-cyrillic-fonts-0:4.1.0-86.EL
  • XFree86-cyrillic-fonts-0:4.3.0-126.EL
  • XFree86-devel-0:4.1.0-86.EL
  • XFree86-devel-0:4.3.0-126.EL
  • XFree86-doc-0:4.1.0-86.EL
  • XFree86-doc-0:4.3.0-126.EL
  • XFree86-font-utils-0:4.3.0-126.EL
  • XFree86-libs-0:4.1.0-86.EL
  • XFree86-libs-0:4.3.0-126.EL
  • XFree86-libs-data-0:4.3.0-126.EL
  • XFree86-sdk-0:4.3.0-126.EL
  • XFree86-syriac-fonts-0:4.3.0-126.EL
  • XFree86-tools-0:4.1.0-86.EL
  • XFree86-tools-0:4.3.0-126.EL
  • XFree86-truetype-fonts-0:4.3.0-126.EL
  • XFree86-twm-0:4.1.0-86.EL
  • XFree86-twm-0:4.3.0-126.EL
  • XFree86-xauth-0:4.3.0-126.EL
  • XFree86-xdm-0:4.1.0-86.EL
  • XFree86-xdm-0:4.3.0-126.EL
  • XFree86-xf86cfg-0:4.1.0-86.EL
  • XFree86-xfs-0:4.1.0-86.EL
  • XFree86-xfs-0:4.3.0-126.EL
  • xorg-x11-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xnest-0:6.8.2-1.EL.33.0.2
  • xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-devel-0:6.8.2-1.EL.33.0.2
  • xorg-x11-doc-0:6.8.2-1.EL.33.0.2
  • xorg-x11-font-utils-0:6.8.2-1.EL.33.0.2
  • xorg-x11-libs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-sdk-0:6.8.2-1.EL.33.0.2
  • xorg-x11-tools-0:6.8.2-1.EL.33.0.2
  • xorg-x11-twm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xauth-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xdm-0:6.8.2-1.EL.33.0.2
  • xorg-x11-xfs-0:6.8.2-1.EL.33.0.2
  • xorg-x11-server-Xdmx-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xephyr-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xnest-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xorg-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-Xvfb-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-debuginfo-0:1.1.1-48.26.el5_1.5
  • xorg-x11-server-sdk-0:1.1.1-48.26.el5_1.5

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:8146
    last seen: 2017-11-19
    modified: 2008-02-21
    published: 2008-02-21
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-8146
    title: X.Org xorg-server <= 1.1.1-48.13 Probe for Files Exploit PoC
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:65214
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-65214
    title: X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC

References