Vulnerabilities > CVE-2008-0006 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0064.NASL description An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 43671 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43671 title CentOS 5 : libXfont (CESA-2008:0064) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0064 and # CentOS Errata and Security Advisory 2008:0064 respectively. # include("compat.inc"); if (description) { script_id(43671); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-0006"); script_bugtraq_id(27352); script_xref(name:"RHSA", value:"2008:0064"); script_name(english:"CentOS 5 : libXfont (CESA-2008:0064)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue." ); # https://lists.centos.org/pipermail/centos-announce/2008-January/014622.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ffb00c5e" ); # https://lists.centos.org/pipermail/centos-announce/2008-January/014623.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?74a02e63" ); script_set_attribute( attribute:"solution", value:"Update the affected libxfont packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libXfont"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libXfont-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/18"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"libXfont-1.2.2-1.0.3.el5_1")) flag++; if (rpm_check(release:"CentOS-5", reference:"libXfont-devel-1.2.2-1.0.3.el5_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-devel"); }NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_37972.NASL description s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 34737 published 2008-11-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34737 title HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2) code # # (C) Tenable Network Security, Inc. # # The descriptive text and patch checks in this plugin were # extracted from HP patch PHSS_37972. The text itself is # copyright (C) Hewlett-Packard Development Company, L.P. # include("compat.inc"); if (description) { script_id(34737); script_version("1.17"); script_cvs_date("Date: 2019/07/10 16:04:14"); script_cve_id("CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6429", "CVE-2008-0006", "CVE-2008-1377", "CVE-2008-1379"); script_bugtraq_id(27350, 27351, 27352, 27353, 27356, 29666, 29669); script_xref(name:"HP", value:"emr_na-c01543321"); script_xref(name:"HP", value:"HPSBUX02381"); script_xref(name:"HP", value:"SSRT080083"); script_name(english:"HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)"); script_summary(english:"Checks for the patch in the swlist output"); script_set_attribute( attribute:"synopsis", value:"The remote HP-UX host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "s700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code." ); # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a1fab10d" ); script_set_attribute( attribute:"solution", value:"Install patch PHSS_37972 or subsequent." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 200, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/18"); script_set_attribute(attribute:"patch_publication_date", value:"2011/05/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"HP-UX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("hpux.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX"); if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING); if (!hpux_check_ctx(ctx:"11.23")) { exit(0, "The host is not affected since PHSS_37972 applies to a different OS release."); } patches = make_list("PHSS_37972", "PHSS_39257", "PHSS_40810", "PHSS_41260"); foreach patch (patches) { if (hpux_installed(app:patch)) { exit(0, "The host is not affected because patch "+patch+" is installed."); } } flag = 0; if (hpux_check_patch(app:"Xserver.AGRM", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-ADVANCED", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-ENTRY", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-LOAD", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-SAM", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-SLS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.DDX-UTILS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.OEM-SERVER", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.OEM-SERVER-PA", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.X11-SERV", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.X11-SERV-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DBE", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DBE-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DPMS", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-DPMS-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-HPCR", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-HPCR-MAN", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-MBX", version:"B.11.23")) flag++; if (hpux_check_patch(app:"Xserver.XEXT-RECORD", version:"B.11.23")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-023.NASL description An input validation flaw was found in the X.org server last seen 2020-06-01 modified 2020-06-02 plugin id 37567 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37567 title Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2008:023. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(37567); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:50"); script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006"); script_xref(name:"MDVSA", value:"2008:023"); script_name(english:"Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service (crash), or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-5760). A flaw was found in the X.org server's XC-SECURITY extension that could allow a local user to verify the existence of an arbitrary file, even in directories that are not normally accessible to that user (CVE-2007-5958). A memory corruption flaw was found in the X.org server's XInput extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server (CVE-2007-6427). An information disclosure flaw was found in the X.org server's TOG-CUP extension that could allow a malicious authorized client to cause a denial of service (crash) or potentially view arbitrary memory content within the X.org server's address space (CVE-2007-6428). Two integer overflow flaws were found in the X.org server's EVI and MIT-SHM modules that could allow a malicious authorized client to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server (CVE-2007-6429). The updated packages have been patched to correct these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(119, 189, 200, 362, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xati"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xchips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xepson"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfake"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xfbdev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xi810"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmach64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xmga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xneomagic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xnvidia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xorg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xpm2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xprt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xr128"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsdl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xsmi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvesa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvia"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:x11-server-xvnc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"x11-server-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-common-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-devel-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xati-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xchips-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xdmx-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xephyr-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xepson-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xfake-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xfbdev-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xi810-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xmach64-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xmga-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xneomagic-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xnest-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xnvidia-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xorg-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xpm2-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xprt-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xr128-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xsdl-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xsmi-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xvesa-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"x11-server-xvfb-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"x11-server-xvia-1.1.1-12.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-common-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-devel-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xati-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xchips-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xdmx-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xephyr-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xepson-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfake-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xfbdev-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xi810-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmach64-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xmga-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xneomagic-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xnest-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xnvidia-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xorg-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xpm2-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xprt-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xr128-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xsdl-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xsmi-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvesa-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvfb-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"x11-server-xvia-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"x11-server-xvnc-1.2.0-9.4mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-common-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-devel-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xati-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xchips-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xdmx-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xephyr-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xepson-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xfake-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xfbdev-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xi810-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xmach64-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xmga-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xneomagic-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xnest-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xnvidia-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xorg-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xpm2-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xr128-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xsdl-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xsmi-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xvesa-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xvfb-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"x11-server-xvia-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"x11-server-xvnc-1.3.0.0-24.1mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_118908.NASL description X11 6.7.0_x86: Xorg patch. Date this patch was last updated by Sun : Sep/23/08 last seen 2020-06-01 modified 2020-06-02 plugin id 23609 published 2006-11-06 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23609 title Solaris 9 (x86) : 118908-06 NASL family Scientific Linux Local Security Checks NASL id SL_20080117_LIBXFONT_ON_SL5_X.NASL description A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) last seen 2020-06-01 modified 2020-06-02 plugin id 60346 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60346 title Scientific Linux Security Update : libXfont on SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_125719-54.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Oct/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107436 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107436 title Solaris 10 (sparc) : 125719-54 NASL family Fedora Local Security Checks NASL id FEDORA_2008-0760.NASL description CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn last seen 2020-06-01 modified 2020-06-02 plugin id 30073 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30073 title Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760) NASL family Solaris Local Security Checks NASL id SOLARIS10_125719-56.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/12/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107438 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107438 title Solaris 10 (sparc) : 125719-56 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0029.NASL description From Red Hat Security Advisory 2008:0029 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 67634 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67634 title Oracle Linux 3 : XFree86 (ELSA-2008-0029) NASL family SuSE Local Security Checks NASL id SUSE_XGL-5100.NASL description This update fixes several integer overflows in Xgl. (CVE-2007-6429 / CVE-2007-1003 / CVE-2007-5958 / CVE-2007-6427 / CVE-2007-6428 / CVE-2007-6429 / CVE-2008-0006) last seen 2020-06-01 modified 2020-06-02 plugin id 31780 published 2008-04-04 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31780 title SuSE 10 Security Update : Xgl (ZYPP Patch Number 5100) NASL family Solaris Local Security Checks NASL id SOLARIS10_125719-60.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/04/19 last seen 2020-06-01 modified 2020-06-02 plugin id 130509 published 2019-11-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130509 title Solaris 10 (sparc) : 125719-60 NASL family Fedora Local Security Checks NASL id FEDORA_2008-0831.NASL description CVE-2007-5760: XFree86-Misc Extension Invalid Array Index Vulnerability CVE-2007-5958: Xorg / XFree86 file existence disclosure vulnerability CVE-2007-6427: XInput Extension Memory Corruption Vulnerability CVE-2007-6428: TOG-CUP Extension Memory Corruption Vulnerability CVE-2007-6429: EVI and MIT-SHM Extension Integer Overflow Vulnerability CVE-2008-0006: PCF Font Vulnerability - this patch isn last seen 2020-06-01 modified 2020-06-02 plugin id 30076 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30076 title Fedora 7 : xorg-x11-server-1.3.0.0-15.fc7 (2008-0831) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0029.NASL description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 30022 published 2008-01-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30022 title CentOS 3 : XFree86 (CESA-2008:0029) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0064.NASL description An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 30004 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30004 title RHEL 5 : libXfont (RHSA-2008:0064) NASL family Solaris Local Security Checks NASL id SOLARIS10_125719-55.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Jul/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107437 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107437 title Solaris 10 (sparc) : 125719-55 NASL family Solaris Local Security Checks NASL id SOLARIS10_125719-42.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Nov/28/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107435 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107435 title Solaris 10 (sparc) : 125719-42 NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2008-002.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-002 applied. This update contains several security fixes for a number of programs. last seen 2020-06-01 modified 2020-06-02 plugin id 31605 published 2008-03-19 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31605 title Mac OS X Multiple Vulnerabilities (Security Update 2008-002) NASL family Scientific Linux Local Security Checks NASL id SL_20080118_XFREE86_ON_SL3.NASL description Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 60349 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60349 title Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_125719-57.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Mar/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107439 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107439 title Solaris 10 (sparc) : 125719-57 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-571-2.NASL description USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem. We apologize for the inconvenience. Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30042 published 2008-01-21 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30042 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2) NASL family Fedora Local Security Checks NASL id FEDORA_2008-0891.NASL description CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30079 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30079 title Fedora 7 : libXfont-1.2.9-3.fc7 (2008-0891) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_38840.NASL description s700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 34738 published 2008-11-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34738 title HP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2) NASL family Scientific Linux Local Security Checks NASL id SL_20080117_XORG_X11_ON_SL4_X.NASL description Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 60347 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60347 title Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS10_125719.NASL description X11 6.8.0: Xorg server patch. Date this patch was last updated by Sun : Jun/15/17 This plugin has been deprecated and either replaced with individual 125719 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 26989 published 2007-10-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=26989 title Solaris 10 (sparc) : 125719-58 (deprecated) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2008-024.NASL description A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server (CVE-2008-0006). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36558 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36558 title Mandriva Linux Security Advisory : libxfont (MDVSA-2008:024) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0030.NASL description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 30002 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30002 title RHEL 4 : xorg-x11 (RHSA-2008:0030) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0030.NASL description From Red Hat Security Advisory 2008:0030 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 67635 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67635 title Oracle Linux 4 : xorg-x11 (ELSA-2008-0030) NASL family HP-UX Local Security Checks NASL id HPUX_PHSS_34392.NASL description s700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 34736 published 2008-11-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/34736 title HP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2008-0030.NASL description Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Two integer overflow flaws were found in the X.Org server last seen 2020-06-01 modified 2020-06-02 plugin id 43667 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43667 title CentOS 4 : xorg-x11 (CESA-2008:0030) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0029.NASL description Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 18th January 2008] The original packages distributed with this errata had a bug which could cause some X applications to fail on 32-bit platforms. We have updated the packages to correct this bug. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. Two integer overflow flaws were found in the XFree86 server last seen 2020-06-01 modified 2020-06-02 plugin id 30001 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30001 title RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_FE2B6597C9A411DC8DA80008A18A9961.NASL description Matthieu Herrb of X.Org reports : Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed. last seen 2020-06-01 modified 2020-06-02 plugin id 30088 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30088 title FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2008-0064.NASL description From Red Hat Security Advisory 2008:0064 : An updated X.Org libXfont package that fixes a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libXfont package contains the X.Org X11 libXfont runtime library. A heap based buffer overflow flaw was found in the way the X.Org server handled malformed font files. A malicious local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2008-0006) Users of X.Org libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67644 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67644 title Oracle Linux 5 : libXfont (ELSA-2008-0064) NASL family SuSE Local Security Checks NASL id SUSE_XGL-5099.NASL description This update fixes several integer overflows in Xgl (CVE-2007-6429, CVE-2007-1003, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006) last seen 2020-06-01 modified 2020-06-02 plugin id 31779 published 2008-04-04 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31779 title openSUSE 10 Security Update : xgl (xgl-5099) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1466.NASL description The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (sarge) in addition to the fixed packages for Debian stable (etch), which were provided in DSA 1466-2. For reference the original advisory text below : Several local vulnerabilities have been discovered in the X.Org X server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5760 last seen 2020-06-01 modified 2020-06-02 plugin id 30059 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30059 title Debian DSA-1466-1 : xorg-server - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2008-0794.NASL description CVE-2008-0006 Xorg / XFree86 PCF font parser buffer overflow Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30074 published 2008-01-27 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30074 title Fedora 8 : libXfont-1.3.1-2.fc8 (2008-0794) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200801-09.NASL description The remote host is affected by the vulnerability described in GLSA-200801-09 (X.Org X server and Xfont library: Multiple vulnerabilities) regenrecht reported multiple vulnerabilities in various X server extension via iDefense: The XFree86-Misc extension does not properly sanitize a parameter within a PassMessage request, allowing the modification of a function pointer (CVE-2007-5760). Multiple functions in the XInput extension do not properly sanitize client requests for swapping bytes, leading to corruption of heap memory (CVE-2007-6427). Integer overflow vulnerabilities in the EVI extension and in the MIT-SHM extension can lead to buffer overflows (CVE-2007-6429). The TOG-CUP extension does not sanitize an index value in the ProcGetReservedColormapEntries() function, leading to arbitrary memory access (CVE-2007-6428). A buffer overflow was discovered in the Xfont library when processing PCF font files (CVE-2008-0006). The X server does not enforce restrictions when a user specifies a security policy file and attempts to open it (CVE-2007-5958). Impact : Remote attackers could exploit the vulnerability in the Xfont library by enticing a user to load a specially crafted PCF font file resulting in the execution of arbitrary code with the privileges of the user running the X server, typically root. Local attackers could exploit this and the vulnerabilities in the X.org extensions to gain elevated privileges. If the X server allows connections from the network, these vulnerabilities could be exploited remotely. A local attacker could determine the existence of arbitrary files by exploiting the last vulnerability or possibly cause a Denial of Service. Workaround : Workarounds for some of the vulnerabilities can be found in the X.Org security advisory as listed under References. last seen 2020-06-01 modified 2020-06-02 plugin id 30033 published 2008-01-21 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30033 title GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-571-1.NASL description Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 30019 published 2008-01-18 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/30019 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)
Oval
| accepted | 2013-04-29T04:00:27.589-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:10021 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | ||||||||||||||||||||||||||||||||
| version | 28 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://bugs.gentoo.org/show_bug.cgi?id=204362
- http://docs.info.apple.com/article.html?artnum=307562
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
- http://jvn.jp/en/jp/JVN88935101/index.html
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
- http://secunia.com/advisories/28273
- http://secunia.com/advisories/28500
- http://secunia.com/advisories/28532
- http://secunia.com/advisories/28535
- http://secunia.com/advisories/28536
- http://secunia.com/advisories/28540
- http://secunia.com/advisories/28542
- http://secunia.com/advisories/28544
- http://secunia.com/advisories/28550
- http://secunia.com/advisories/28571
- http://secunia.com/advisories/28592
- http://secunia.com/advisories/28621
- http://secunia.com/advisories/28718
- http://secunia.com/advisories/28843
- http://secunia.com/advisories/28885
- http://secunia.com/advisories/28941
- http://secunia.com/advisories/29139
- http://secunia.com/advisories/29420
- http://secunia.com/advisories/29622
- http://secunia.com/advisories/29707
- http://secunia.com/advisories/30161
- http://secunia.com/advisories/32545
- http://security.gentoo.org/glsa/glsa-200801-09.xml
- http://security.gentoo.org/glsa/glsa-200804-05.xml
- http://securitytracker.com/id?1019232
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
- http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
- http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
- http://www.kb.cert.org/vuls/id/203220
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
- http://www.openbsd.org/errata41.html#012_xorg
- http://www.openbsd.org/errata42.html#006_xorg
- http://www.redhat.com/support/errata/RHSA-2008-0029.html
- http://www.redhat.com/support/errata/RHSA-2008-0030.html
- http://www.redhat.com/support/errata/RHSA-2008-0064.html
- http://www.securityfocus.com/archive/1/487335/100/0/threaded
- http://www.securityfocus.com/bid/27336
- http://www.securityfocus.com/bid/27352
- http://www.vupen.com/english/advisories/2008/0179
- http://www.vupen.com/english/advisories/2008/0184
- http://www.vupen.com/english/advisories/2008/0497/references
- http://www.vupen.com/english/advisories/2008/0703
- http://www.vupen.com/english/advisories/2008/0924/references
- http://www.vupen.com/english/advisories/2008/3000
- http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
- https://bugzilla.redhat.com/show_bug.cgi?id=428044
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
- https://issues.rpath.com/browse/RPL-2010
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
- https://usn.ubuntu.com/571-1/
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html