Vulnerabilities > CVE-2008-1377 - Numeric Errors vulnerability in X X11 R7.3

047910
CVSS 9.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
x
CWE-189
critical
nessus

Summary

The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.

Vulnerable Configurations

Part Description Count
Application
X
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12170.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption . (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id41215
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41215
    titleSuSE9 Security Update : XFree86 (YOU Patch Number 12170)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41215);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"SuSE9 Security Update : XFree86 (YOU Patch Number 12170)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense :
    
      - RENDER Extension heap buffer overflow. (CVE-2008-2360)
    
      - RENDER Extension crash. (CVE-2008-2361)
    
      - RENDER Extension memory corruption . (CVE-2008-2362)
    
      - MIT-SHM arbitrary memory read. (CVE-2008-1379)
    
      - RECORD and Security extensions memory corruption.
        (CVE-2008-1377)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1377.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1379.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2360.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2361.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2362.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12170.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xnest-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xprt-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xvfb-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xvnc-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-server-4.3.99.902-43.96")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0502.NASL
    descriptionUpdated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33170
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33170
    titleCentOS 3 : XFree86 (CESA-2008:0502)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0502 and 
    # CentOS Errata and Security Advisory 2008:0502 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33170);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361");
      script_bugtraq_id(29665, 29666, 29668, 29669);
      script_xref(name:"RHSA", value:"2008:0502");
    
      script_name(english:"CentOS 3 : XFree86 (CESA-2008:0502)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated XFree86 packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    XFree86 is an implementation of the X Window System, which provides
    the core functionality for the Linux graphical desktop.
    
    An input validation flaw was discovered in X.org's Security and Record
    extensions. A malicious authorized client could exploit this issue to
    cause a denial of service (crash) or, potentially, execute arbitrary
    code with root privileges on the X.Org server. (CVE-2008-1377)
    
    Multiple integer overflow flaws were found in X.org's Render
    extension. A malicious authorized client could exploit these issues to
    cause a denial of service (crash) or, potentially, execute arbitrary
    code with root privileges on the X.Org server. (CVE-2008-2360,
    CVE-2008-2361)
    
    An input validation flaw was discovered in X.org's MIT-SHM extension.
    A client connected to the X.org server could read arbitrary server
    memory. This could result in the sensitive data of other users of the
    X.org server being disclosed. (CVE-2008-1379)
    
    Users of XFree86 are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-June/014973.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8dae8ca5"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-June/014974.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1a4d1a26"
      );
      # https://lists.centos.org/pipermail/centos-announce/2008-June/014981.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6af32cdc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xfree86 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-base-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-cyrillic-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-font-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-sdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-syriac-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-truetype-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-twm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xauth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-100dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-75dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-Mesa-libGL-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-Mesa-libGLU-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-Xnest-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-Xvfb-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-base-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-cyrillic-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-devel-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-doc-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-font-utils-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-libs-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-libs-data-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-sdk-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-syriac-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-tools-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-truetype-fonts-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-twm-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-xauth-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-xdm-4.3.0-128.EL")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"XFree86-xfs-4.3.0-128.EL")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-616-1.NASL
    descriptionMultiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33199
    published2008-06-16
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33199
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-616-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33199);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
      script_bugtraq_id(29665, 29666, 29668, 29669, 29670);
      script_xref(name:"USN", value:"616-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple flaws were found in the RENDER, RECORD, and Security
    extensions of X.org which did not correctly validate function
    arguments. An authenticated attacker could send specially crafted
    requests and gain root privileges or crash X. (CVE-2008-1377,
    CVE-2008-2360, CVE-2008-2361, CVE-2008-2362)
    
    It was discovered that the MIT-SHM extension of X.org did not
    correctly validate the location of memory during an image copy. An
    authenticated attacker could exploit this to read arbitrary memory
    locations within X, exposing sensitive information. (CVE-2008-1379).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/616-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xvfb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|7\.04|7\.10|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.04 / 7.10 / 8.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"xdmx", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xdmx-tools", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xnest", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-core", pkgver:"1:1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-dev", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xvfb", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xdmx", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xdmx-tools", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xnest", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xserver-xephyr", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-core", pkgver:"2:1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-dev", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xvfb", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xdmx", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xdmx-tools", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xnest", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xprint", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xprint-common", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xephyr", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core", pkgver:"2:1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core-dbg", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-dev", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xvfb", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xnest", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xephyr", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-core", pkgver:"2:1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-core-dbg", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-dev", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xvfb", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdmx / xdmx-tools / xnest / xprint / xprint-common / xserver-xephyr / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-SERVER-5316.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)
    last seen2020-06-01
    modified2020-06-02
    plugin id33166
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33166
    titleopenSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xorg-x11-server-5316.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33166);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2007-3920", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)");
      script_summary(english:"Check for the xorg-x11-server-5316 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense :
    
      - CVE-2008-2360 - RENDER Extension heap buffer overflow
    
      - CVE-2008-2361 - RENDER Extension crash
    
      - CVE-2008-2362 - RENDER Extension memory corruption 
    
      - CVE-2008-1379 - MIT-SHM arbitrary memory read
    
      - CVE-2008-1377 - RECORD and Security extensions memory
        corruption Additionally fixes for :
    
      - gnome-screensaver loses keyboard focus lock under compiz
        (CVE-2007-3920)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.15") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-sdk-7.2-30.15") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server / xorg-x11-server-sdk");
    }
    
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_37972.NASL
    descriptions700_800 11.23 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id34737
    published2008-11-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34737
    titleHP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHSS_37972. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34737);
      script_version("1.17");
      script_cvs_date("Date: 2019/07/10 16:04:14");
    
      script_cve_id("CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6429", "CVE-2008-0006", "CVE-2008-1377", "CVE-2008-1379");
      script_bugtraq_id(27350, 27351, 27352, 27353, 27356, 29666, 29669);
      script_xref(name:"HP", value:"emr_na-c01543321");
      script_xref(name:"HP", value:"HPSBUX02381");
      script_xref(name:"HP", value:"SSRT080083");
    
      script_name(english:"HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.23 Xserver cumulative patch : 
    
    Potential security vulnerabilities have been identified with HP-UX
    running Xserver. The vulnerabilities could be exploited remotely to
    execute arbitrary code."
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a1fab10d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHSS_37972 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(119, 189, 200, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/01/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"HP-UX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if (!hpux_check_ctx(ctx:"11.23"))
    {
      exit(0, "The host is not affected since PHSS_37972 applies to a different OS release.");
    }
    
    patches = make_list("PHSS_37972", "PHSS_39257", "PHSS_40810", "PHSS_41260");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }
    
    
    flag = 0;
    if (hpux_check_patch(app:"Xserver.AGRM", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-ADVANCED", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-ENTRY", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-LOAD", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-SAM", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-SLS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.DDX-UTILS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.OEM-SERVER", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.OEM-SERVER-PA", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.X11-SERV", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.X11-SERV-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DBE", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DBE-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DPMS", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-DPMS-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-HPCR", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-HPCR-MAN", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-MBX", version:"B.11.23")) flag++;
    if (hpux_check_patch(app:"Xserver.XEXT-RECORD", version:"B.11.23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_XORG-X11-XVNC-080616.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id40158
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40158
    titleopenSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xorg-x11-Xvnc-36.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40158);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"openSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)");
      script_summary(english:"Check for the xorg-x11-Xvnc-36 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense :
    
      - CVE-2008-2360 - RENDER Extension heap buffer overflow
    
      - CVE-2008-2361 - RENDER Extension crash
    
      - CVE-2008-2362 - RENDER Extension memory corruption 
    
      - CVE-2008-1379 - MIT-SHM arbitrary memory read
    
      - CVE-2008-1377 - RECORD and Security extensions memory
        corruption"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=374318"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-Xvnc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-Xvnc-7.3-110.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-7.3-110.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-extra-7.3-110.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-sdk-7.3-110.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-Xvnc / xorg-x11-server / xorg-x11-server-extra / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0502.NASL
    descriptionUpdated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33151
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33151
    titleRHEL 3 : XFree86 (RHSA-2008:0502)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0502. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33151);
      script_version ("1.28");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361");
      script_bugtraq_id(29665, 29666, 29668, 29669);
      script_xref(name:"RHSA", value:"2008:0502");
    
      script_name(english:"RHEL 3 : XFree86 (RHSA-2008:0502)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated XFree86 packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    XFree86 is an implementation of the X Window System, which provides
    the core functionality for the Linux graphical desktop.
    
    An input validation flaw was discovered in X.org's Security and Record
    extensions. A malicious authorized client could exploit this issue to
    cause a denial of service (crash) or, potentially, execute arbitrary
    code with root privileges on the X.Org server. (CVE-2008-1377)
    
    Multiple integer overflow flaws were found in X.org's Render
    extension. A malicious authorized client could exploit these issues to
    cause a denial of service (crash) or, potentially, execute arbitrary
    code with root privileges on the X.Org server. (CVE-2008-2360,
    CVE-2008-2361)
    
    An input validation flaw was discovered in X.org's MIT-SHM extension.
    A client connected to the X.org server could read arbitrary server
    memory. This could result in the sensitive data of other users of the
    X.org server being disclosed. (CVE-2008-1379)
    
    Users of XFree86 are advised to upgrade to these updated packages,
    which contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-1379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-2361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0502"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-100dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-75dpi-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGLU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xvfb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-base-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-cyrillic-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-font-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-sdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-syriac-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-truetype-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-twm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xauth");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xdm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0502";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"XFree86-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-100dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-75dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGL-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGLU-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Xnest-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-Xvfb-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-base-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-cyrillic-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-devel-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-doc-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-font-utils-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-libs-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-libs-data-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-syriac-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-tools-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-truetype-fonts-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-twm-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-xauth-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-xdm-4.3.0-128.EL")) flag++;
      if (rpm_check(release:"RHEL3", reference:"XFree86-xfs-4.3.0-128.EL")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5279.NASL
    descriptionFor further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33180
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33180
    titleFedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-5279.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33180);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
      script_xref(name:"FEDORA", value:"2008-5279");
    
      script_name(english:"Fedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "For further details, see X.org security advisory:
    http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=445403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=445414"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=448783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=448784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=448785"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011389.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bad471f1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"xorg-x11-server-1.3.0.0-46.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0503.NASL
    descriptionFrom Red Hat Security Advisory 2008:0503 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id67701
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67701
    titleOracle Linux 4 : xorg-x11 (ELSA-2008-0503)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1595.NASL
    descriptionSeveral local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. - CVE-2008-1379 An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. - CVE-2008-2360 An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. - CVE-2008-2361 An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. - CVE-2008-2362 Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.
    last seen2020-06-01
    modified2020-06-02
    plugin id33176
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33176
    titleDebian DSA-1595-1 : xorg-server - several vulnerabilities
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen2020-06-01
    modified2020-06-02
    plugin id35684
    published2009-02-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35684
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-001)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XGL-5528.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense for the included X server : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption. (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id34303
    published2008-09-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34303
    titleSuSE 10 Security Update : Xgl (ZYPP Patch Number 5528)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XGL-5526.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense for the included X server : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id34302
    published2008-09-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34302
    titleopenSUSE 10 Security Update : xgl (xgl-5526)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_XGL-080815.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense for the included X server : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id40155
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40155
    titleopenSUSE Security Update : xgl (xgl-155)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-116.NASL
    descriptionAn input validation flaw was found in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id38138
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38138
    titleMandriva Linux Security Advisory : x11-server (MDVSA-2008:116)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080611_XFREE86_ON_SL3_X.NASL
    descriptionAn input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id60420
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60420
    titleScientific Linux Security Update : XFree86 on SL3.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0504.NASL
    descriptionUpdated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id43690
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43690
    titleCentOS 5 : xorg-x11-server (CESA-2008:0504)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0512.NASL
    descriptionUpdated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33154
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33154
    titleRHEL 2.1 : XFree86 (RHSA-2008:0512)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_800E8BD53ACB11DD8842001302A18722.NASL
    descriptionMatthieu Herrb of X.Org reports : Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.
    last seen2020-06-01
    modified2020-06-02
    plugin id33187
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33187
    titleFreeBSD : xorg -- multiple vulnerabilities (800e8bd5-3acb-11dd-8842-001302a18722)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0504.NASL
    descriptionUpdated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33153
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33153
    titleRHEL 5 : xorg-x11-server (RHSA-2008:0504)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080611_XORG_X11_ON_SL4_X.NASL
    descriptionAn input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id60422
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60422
    titleScientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_38840.NASL
    descriptions700_800 11.31 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id34738
    published2008-11-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34738
    titleHP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0503.NASL
    descriptionUpdated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33364
    published2008-07-02
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33364
    titleCentOS 4 : xorg-x11 (CESA-2008:0503)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0504.NASL
    descriptionFrom Red Hat Security Advisory 2008:0504 : Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id67702
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67702
    titleOracle Linux 5 : xorg-x11-server (ELSA-2008-0504)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-183-01.NASL
    descriptionNew xorg-server packages are available for Slackware 12.1 and -current to fix security issues in xorg-server 1.4 prior to version 1.4.2.
    last seen2020-06-01
    modified2020-06-02
    plugin id33398
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33398
    titleSlackware 12.1 / current : xorg-server (SSA:2008-183-01)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080611_XORG_X11_SERVER_ON_SL5_X.NASL
    descriptionAn input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id60423
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60423
    titleScientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-XVNC-5317.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - XvReputImage crashes due to Nulled PortPriv->pDraw - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)
    last seen2020-06-01
    modified2020-06-02
    plugin id33165
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33165
    titleopenSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5285.NASL
    descriptionFor further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33181
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33181
    titleFedora 7 : xorg-x11-server-1.3.0.0-17.fc7 (2008-5285)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34392.NASL
    descriptions700_800 11.11 Xserver cumulative patch : Potential security vulnerabilities have been identified with HP-UX running Xserver. The vulnerabilities could be exploited remotely to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id34736
    published2008-11-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34736
    titleHP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0502.NASL
    descriptionFrom Red Hat Security Advisory 2008:0502 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id67700
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67700
    titleOracle Linux 3 : XFree86 (ELSA-2008-0502)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-XNEST-5321.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption. (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id33164
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33164
    titleSuSE 10 Security Update : X.org (ZYPP Patch Number 5321)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200806-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200806-07 (X.Org X server: Multiple vulnerabilities) Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization() and SProcRecordCreateContext() functions of the RECORD and Security extensions are lacking proper parameter validation (CVE-2008-1377). An integer overflow is possible in the function ShmPutImage() of the MIT-SHM extension (CVE-2008-1379). The RENDER extension contains several possible integer overflows in the AllocateGlyph() function (CVE-2008-2360) which could possibly lead to a heap-based buffer overflow. Further possible integer overflows have been found in the ProcRenderCreateCursor() function (CVE-2008-2361) as well as in the SProcRenderCreateLinearGradient(), SProcRenderCreateRadialGradient() and SProcRenderCreateConicalGradient() functions (CVE-2008-2362). Impact : Exploitation of these vulnerabilities could possibly lead to the remote execution of arbitrary code with root privileges, if the server is running as root, which is the default. It is also possible to crash the server by making use of these vulnerabilities. Workaround : It is possible to avoid these vulnerabilities by disabling the affected server extensions. Therefore edit the configuration file (/etc/X11/xorg.conf) to contain the following in the appropriate places: Section
    last seen2020-06-01
    modified2020-06-02
    plugin id33243
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33243
    titleGLSA-200806-07 : X.Org X server: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0503.NASL
    descriptionUpdated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33152
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33152
    titleRHEL 4 : xorg-x11 (RHSA-2008:0503)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5254.NASL
    descriptionFor further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33179
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33179
    titleFedora 9 : xorg-x11-server-1.4.99.902-3.20080612.fc9 (2008-5254)

Oval

accepted2013-04-29T04:01:44.981-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
familyunix
idoval:org.mitre.oval:def:10109
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
version28

Redhat

advisories
  • rhsa
    idRHSA-2008:0502
  • rhsa
    idRHSA-2008:0503
  • rhsa
    idRHSA-2008:0504
  • rhsa
    idRHSA-2008:0512
rpms
  • XFree86-0:4.3.0-128.EL
  • XFree86-100dpi-fonts-0:4.3.0-128.EL
  • XFree86-75dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-128.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-128.EL
  • XFree86-Mesa-libGL-0:4.3.0-128.EL
  • XFree86-Mesa-libGLU-0:4.3.0-128.EL
  • XFree86-Xnest-0:4.3.0-128.EL
  • XFree86-Xvfb-0:4.3.0-128.EL
  • XFree86-base-fonts-0:4.3.0-128.EL
  • XFree86-cyrillic-fonts-0:4.3.0-128.EL
  • XFree86-devel-0:4.3.0-128.EL
  • XFree86-doc-0:4.3.0-128.EL
  • XFree86-font-utils-0:4.3.0-128.EL
  • XFree86-libs-0:4.3.0-128.EL
  • XFree86-libs-data-0:4.3.0-128.EL
  • XFree86-sdk-0:4.3.0-128.EL
  • XFree86-syriac-fonts-0:4.3.0-128.EL
  • XFree86-tools-0:4.3.0-128.EL
  • XFree86-truetype-fonts-0:4.3.0-128.EL
  • XFree86-twm-0:4.3.0-128.EL
  • XFree86-xauth-0:4.3.0-128.EL
  • XFree86-xdm-0:4.3.0-128.EL
  • XFree86-xfs-0:4.3.0-128.EL
  • xorg-x11-0:6.8.2-1.EL.33.0.4
  • xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.4
  • xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.4
  • xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.4
  • xorg-x11-Xnest-0:6.8.2-1.EL.33.0.4
  • xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.4
  • xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.4
  • xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.4
  • xorg-x11-devel-0:6.8.2-1.EL.33.0.4
  • xorg-x11-doc-0:6.8.2-1.EL.33.0.4
  • xorg-x11-font-utils-0:6.8.2-1.EL.33.0.4
  • xorg-x11-libs-0:6.8.2-1.EL.33.0.4
  • xorg-x11-sdk-0:6.8.2-1.EL.33.0.4
  • xorg-x11-tools-0:6.8.2-1.EL.33.0.4
  • xorg-x11-twm-0:6.8.2-1.EL.33.0.4
  • xorg-x11-xauth-0:6.8.2-1.EL.33.0.4
  • xorg-x11-xdm-0:6.8.2-1.EL.33.0.4
  • xorg-x11-xfs-0:6.8.2-1.EL.33.0.4
  • xorg-x11-server-Xdmx-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xephyr-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xnest-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xorg-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xvfb-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-debuginfo-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-sdk-0:1.1.1-48.41.el5_2.1
  • XFree86-0:4.1.0-88.EL
  • XFree86-100dpi-fonts-0:4.1.0-88.EL
  • XFree86-75dpi-fonts-0:4.1.0-88.EL
  • XFree86-ISO8859-15-100dpi-fonts-0:4.1.0-88.EL
  • XFree86-ISO8859-15-75dpi-fonts-0:4.1.0-88.EL
  • XFree86-ISO8859-2-100dpi-fonts-0:4.1.0-88.EL
  • XFree86-ISO8859-2-75dpi-fonts-0:4.1.0-88.EL
  • XFree86-ISO8859-9-100dpi-fonts-0:4.1.0-88.EL
  • XFree86-ISO8859-9-75dpi-fonts-0:4.1.0-88.EL
  • XFree86-Xnest-0:4.1.0-88.EL
  • XFree86-Xvfb-0:4.1.0-88.EL
  • XFree86-cyrillic-fonts-0:4.1.0-88.EL
  • XFree86-devel-0:4.1.0-88.EL
  • XFree86-doc-0:4.1.0-88.EL
  • XFree86-libs-0:4.1.0-88.EL
  • XFree86-tools-0:4.1.0-88.EL
  • XFree86-twm-0:4.1.0-88.EL
  • XFree86-xdm-0:4.1.0-88.EL
  • XFree86-xf86cfg-0:4.1.0-88.EL
  • XFree86-xfs-0:4.1.0-88.EL

References