Vulnerabilities > CVE-2008-2361 - Numeric Errors vulnerability in Xorg X11 R7.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

xorg

CWE-189

nessus

NVD

Published: 2008-06-16

Updated: 2024-11-21

Summary

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

Vulnerable Configurations

Part	Description	Count
Application	Xorg Xorg X11 R7.3	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12170.NASL
description	This update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption . (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
last seen	2020-06-01
modified	2020-06-02
plugin id	41215
published	2009-09-24
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/41215
title	SuSE9 Security Update : XFree86 (YOU Patch Number 12170)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41215); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362"); script_name(english:"SuSE9 Security Update : XFree86 (YOU Patch Number 12170)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption . (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1377.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1379.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2360.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2361.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2362.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12170."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"XFree86-Xnest-4.3.99.902-43.96")) flag++; if (rpm_check(release:"SUSE9", reference:"XFree86-Xprt-4.3.99.902-43.96")) flag++; if (rpm_check(release:"SUSE9", reference:"XFree86-Xvfb-4.3.99.902-43.96")) flag++; if (rpm_check(release:"SUSE9", reference:"XFree86-Xvnc-4.3.99.902-43.96")) flag++; if (rpm_check(release:"SUSE9", reference:"XFree86-server-4.3.99.902-43.96")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0502.NASL
description	Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	33170
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33170
title	CentOS 3 : XFree86 (CESA-2008:0502)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0502 and # CentOS Errata and Security Advisory 2008:0502 respectively. # include("compat.inc"); if (description) { script_id(33170); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361"); script_bugtraq_id(29665, 29666, 29668, 29669); script_xref(name:"RHSA", value:"2008:0502"); script_name(english:"CentOS 3 : XFree86 (CESA-2008:0502)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377) Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361) An input validation flaw was discovered in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory. This could result in the sensitive data of other users of the X.org server being disclosed. (CVE-2008-1379) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); # https://lists.centos.org/pipermail/centos-announce/2008-June/014973.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8dae8ca5" ); # https://lists.centos.org/pipermail/centos-announce/2008-June/014974.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1a4d1a26" ); # https://lists.centos.org/pipermail/centos-announce/2008-June/014981.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6af32cdc" ); script_set_attribute( attribute:"solution", value:"Update the affected xfree86 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-14-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-15-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-2-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-ISO8859-9-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-base-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-libs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-syriac-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-truetype-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:XFree86-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/16"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"XFree86-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Mesa-libGL-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Mesa-libGLU-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Xnest-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-Xvfb-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-base-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-cyrillic-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-devel-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-doc-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-font-utils-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-libs-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-libs-data-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-sdk-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-syriac-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-tools-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-truetype-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-twm-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-xauth-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-xdm-4.3.0-128.EL")) flag++; if (rpm_check(release:"CentOS-3", reference:"XFree86-xfs-4.3.0-128.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-616-1.NASL
description	Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33199
published	2008-06-16
reporter	Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33199
title	Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-616-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(33199); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362"); script_bugtraq_id(29665, 29666, 29668, 29669, 29670); script_xref(name:"USN", value:"616-1"); script_name(english:"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/616-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xvfb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06\|7\.04\|7\.10\|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.04 / 7.10 / 8.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"xdmx", pkgver:"1.0.2-0ubuntu10.13")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xdmx-tools", pkgver:"1.0.2-0ubuntu10.13")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xnest", pkgver:"1.0.2-0ubuntu10.13")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-core", pkgver:"1:1.0.2-0ubuntu10.13")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-dev", pkgver:"1.0.2-0ubuntu10.13")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"xvfb", pkgver:"1.0.2-0ubuntu10.13")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xdmx", pkgver:"1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xdmx-tools", pkgver:"1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xnest", pkgver:"1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xserver-xephyr", pkgver:"1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-core", pkgver:"2:1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-dev", pkgver:"1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"xvfb", pkgver:"1.2.0-3ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xdmx", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xdmx-tools", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xnest", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xprint", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xprint-common", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xserver-xephyr", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core", pkgver:"2:1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core-dbg", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-dev", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"7.10", pkgname:"xvfb", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xnest", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xserver-xephyr", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-core", pkgver:"2:1.4.1~git20080131-1ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-core-dbg", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-dev", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"xvfb", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdmx / xdmx-tools / xnest / xprint / xprint-common / xserver-xephyr / etc"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_XORG-X11-SERVER-5316.NASL
description	This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)
last seen	2020-06-01
modified	2020-06-02
plugin id	33166
published	2008-06-12
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33166
title	openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xorg-x11-server-5316. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(33166); script_version ("1.10"); script_cvs_date("Date: 2019/10/25 13:36:33"); script_cve_id("CVE-2007-3920", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362"); script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)"); script_summary(english:"Check for the xorg-x11-server-5316 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)" ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11-server packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.15") ) flag++; if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-sdk-7.2-30.15") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server / xorg-x11-server-sdk"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_XORG-X11-XVNC-080616.NASL
description	This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
last seen	2020-06-01
modified	2020-06-02
plugin id	40158
published	2009-07-21
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40158
title	openSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update xorg-x11-Xvnc-36. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(40158); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:31"); script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362"); script_name(english:"openSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)"); script_summary(english:"Check for the xorg-x11-Xvnc-36 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=374318" ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11-Xvnc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-Xvnc-7.3-110.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-7.3-110.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-extra-7.3-110.2") ) flag++; if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-sdk-7.3-110.2") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-Xvnc / xorg-x11-server / xorg-x11-server-extra / etc"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0502.NASL
description	Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	33151
published	2008-06-12
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33151
title	RHEL 3 : XFree86 (RHSA-2008:0502)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0502. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(33151); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361"); script_bugtraq_id(29665, 29666, 29668, 29669); script_xref(name:"RHSA", value:"2008:0502"); script_name(english:"RHEL 3 : XFree86 (RHSA-2008:0502)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377) Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361) An input validation flaw was discovered in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory. This could result in the sensitive data of other users of the X.org server being disclosed. (CVE-2008-1379) Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1377" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-1379" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2360" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2008-2361" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0502" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-14-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-15-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-2-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-100dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-ISO8859-9-75dpi-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGL"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Mesa-libGLU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xnest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-Xvfb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-base-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-cyrillic-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-font-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-libs-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-sdk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-syriac-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-truetype-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-twm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xauth"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xdm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:XFree86-xfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2008/06/16"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0502"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"XFree86-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-14-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-15-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-2-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-100dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-ISO8859-9-75dpi-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGL-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Mesa-libGLU-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Xnest-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-Xvfb-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-base-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-cyrillic-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-devel-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-doc-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-doc-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-font-utils-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-libs-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-libs-data-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"XFree86-sdk-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"x86_64", reference:"XFree86-sdk-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-syriac-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-tools-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-truetype-fonts-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-twm-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xauth-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xdm-4.3.0-128.EL")) flag++; if (rpm_check(release:"RHEL3", reference:"XFree86-xfs-4.3.0-128.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "XFree86 / XFree86-100dpi-fonts / XFree86-75dpi-fonts / etc"); } }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-5279.NASL
description	For further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33180
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33180
title	Fedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-5279. # include("compat.inc"); if (description) { script_id(33180); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362"); script_xref(name:"FEDORA", value:"2008-5279"); script_name(english:"Fedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "For further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://lists.freedesktop.org/archives/xorg/2008-June/036026.html script_set_attribute( attribute:"see_also", value:"https://lists.freedesktop.org/archives/xorg/2008-June/036026.html" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=445403" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=445414" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=448783" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=448784" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=448785" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011389.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bad471f1" ); script_set_attribute( attribute:"solution", value:"Update the affected xorg-x11-server package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"xorg-x11-server-1.3.0.0-46.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0503.NASL
description	From Red Hat Security Advisory 2008:0503 : Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	67701
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67701
title	Oracle Linux 4 : xorg-x11 (ELSA-2008-0503)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1595.NASL
description	Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. - CVE-2008-1379 An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. - CVE-2008-2360 An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. - CVE-2008-2361 An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. - CVE-2008-2362 Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.
last seen	2020-06-01
modified	2020-06-02
plugin id	33176
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33176
title	Debian DSA-1595-1 : xorg-server - several vulnerabilities

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2009-001.NASL
description	The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
last seen	2020-06-01
modified	2020-06-02
plugin id	35684
published	2009-02-13
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/35684
title	Mac OS X Multiple Vulnerabilities (Security Update 2009-001)

NASL family	SuSE Local Security Checks
NASL id	SUSE_XGL-5528.NASL
description	This update fixes multiple vulnerabilities reported by iDefense for the included X server : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption. (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
last seen	2020-06-01
modified	2020-06-02
plugin id	34303
published	2008-09-28
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34303
title	SuSE 10 Security Update : Xgl (ZYPP Patch Number 5528)

NASL family	SuSE Local Security Checks
NASL id	SUSE_XGL-5526.NASL
description	This update fixes multiple vulnerabilities reported by iDefense for the included X server : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
last seen	2020-06-01
modified	2020-06-02
plugin id	34302
published	2008-09-28
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34302
title	openSUSE 10 Security Update : xgl (xgl-5526)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_0_XGL-080815.NASL
description	This update fixes multiple vulnerabilities reported by iDefense for the included X server : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
last seen	2020-06-01
modified	2020-06-02
plugin id	40155
published	2009-07-21
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40155
title	openSUSE Security Update : xgl (xgl-155)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-116.NASL
description	An input validation flaw was found in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	38138
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/38138
title	Mandriva Linux Security Advisory : x11-server (MDVSA-2008:116)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080611_XFREE86_ON_SL3_X.NASL
description	An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	60420
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60420
title	Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0504.NASL
description	Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	43690
published	2010-01-06
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43690
title	CentOS 5 : xorg-x11-server (CESA-2008:0504)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_800E8BD53ACB11DD8842001302A18722.NASL
description	Matthieu Herrb of X.Org reports : Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.
last seen	2020-06-01
modified	2020-06-02
plugin id	33187
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33187
title	FreeBSD : xorg -- multiple vulnerabilities (800e8bd5-3acb-11dd-8842-001302a18722)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0504.NASL
description	Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	33153
published	2008-06-12
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33153
title	RHEL 5 : xorg-x11-server (RHSA-2008:0504)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080611_XORG_X11_ON_SL4_X.NASL
description	An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	60422
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60422
title	Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2008-0503.NASL
description	Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	33364
published	2008-07-02
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33364
title	CentOS 4 : xorg-x11 (CESA-2008:0503)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0504.NASL
description	From Red Hat Security Advisory 2008:0504 : Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	67702
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67702
title	Oracle Linux 5 : xorg-x11-server (ELSA-2008-0504)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2008-183-01.NASL
description	New xorg-server packages are available for Slackware 12.1 and -current to fix security issues in xorg-server 1.4 prior to version 1.4.2.
last seen	2020-06-01
modified	2020-06-02
plugin id	33398
published	2008-07-08
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33398
title	Slackware 12.1 / current : xorg-server (SSA:2008-183-01)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20080611_XORG_X11_SERVER_ON_SL5_X.NASL
description	An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	60423
published	2012-08-01
reporter	This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/60423
title	Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64

NASL family	SuSE Local Security Checks
NASL id	SUSE_XORG-X11-XVNC-5317.NASL
description	This update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - XvReputImage crashes due to Nulled PortPriv->pDraw - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)
last seen	2020-06-01
modified	2020-06-02
plugin id	33165
published	2008-06-12
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33165
title	openSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-5285.NASL
description	For further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33181
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33181
title	Fedora 7 : xorg-x11-server-1.3.0.0-17.fc7 (2008-5285)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2008-179.NASL
description	An input validation flaw was found in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	36890
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/36890
title	Mandriva Linux Security Advisory : metisse (MDVSA-2008:179)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2008-0502.NASL
description	From Red Hat Security Advisory 2008:0502 : Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	67700
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67700
title	Oracle Linux 3 : XFree86 (ELSA-2008-0502)

NASL family	SuSE Local Security Checks
NASL id	SUSE_XORG-X11-XNEST-5321.NASL
description	This update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption. (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
last seen	2020-06-01
modified	2020-06-02
plugin id	33164
published	2008-06-12
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33164
title	SuSE 10 Security Update : X.org (ZYPP Patch Number 5321)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200806-07.NASL
description	The remote host is affected by the vulnerability described in GLSA-200806-07 (X.Org X server: Multiple vulnerabilities) Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization() and SProcRecordCreateContext() functions of the RECORD and Security extensions are lacking proper parameter validation (CVE-2008-1377). An integer overflow is possible in the function ShmPutImage() of the MIT-SHM extension (CVE-2008-1379). The RENDER extension contains several possible integer overflows in the AllocateGlyph() function (CVE-2008-2360) which could possibly lead to a heap-based buffer overflow. Further possible integer overflows have been found in the ProcRenderCreateCursor() function (CVE-2008-2361) as well as in the SProcRenderCreateLinearGradient(), SProcRenderCreateRadialGradient() and SProcRenderCreateConicalGradient() functions (CVE-2008-2362). Impact : Exploitation of these vulnerabilities could possibly lead to the remote execution of arbitrary code with root privileges, if the server is running as root, which is the default. It is also possible to crash the server by making use of these vulnerabilities. Workaround : It is possible to avoid these vulnerabilities by disabling the affected server extensions. Therefore edit the configuration file (/etc/X11/xorg.conf) to contain the following in the appropriate places: Section
last seen	2020-06-01
modified	2020-06-02
plugin id	33243
published	2008-06-24
reporter	This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/33243
title	GLSA-200806-07 : X.Org X server: Multiple vulnerabilities

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2008-0503.NASL
description	Updated xorg-x11 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The xorg-x11 packages contain X.Org, an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
last seen	2020-06-01
modified	2020-06-02
plugin id	33152
published	2008-06-12
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33152
title	RHEL 4 : xorg-x11 (RHSA-2008:0503)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2008-5254.NASL
description	For further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	33179
published	2008-06-16
reporter	This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/33179
title	Fedora 9 : xorg-x11-server-1.4.99.902-3.20080612.fc9 (2008-5254)

Oval

accepted

2013-04-29T04:18:04.559-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990
comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:8978

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	448784
title	CVE-2008-2361 X.org Render extension ProcRenderCreateCursor() crash

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment xorg-x11-xauth is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503001
comment xorg-x11-xauth is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451032
AND
comment xorg-x11-twm is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503003
comment xorg-x11-twm is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451028
AND
comment xorg-x11-Xdmx is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503005
comment xorg-x11-Xdmx is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451018
AND
comment xorg-x11-devel is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503007
comment xorg-x11-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451020

AND

comment xorg-x11-font-utils is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503009
comment xorg-x11-font-utils is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451004

AND
comment xorg-x11-tools is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503011
comment xorg-x11-tools is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451014
AND
comment xorg-x11-sdk is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503013
comment xorg-x11-sdk is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451024
AND
comment xorg-x11-libs is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503015
comment xorg-x11-libs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451010

AND

comment xorg-x11-Mesa-libGL is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503017
comment xorg-x11-Mesa-libGL is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451022

AND

comment xorg-x11-deprecated-libs is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503019
comment xorg-x11-deprecated-libs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451034

AND

comment xorg-x11-Mesa-libGLU is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503021
comment xorg-x11-Mesa-libGLU is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451030

AND
comment xorg-x11 is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503023
comment xorg-x11 is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451036
AND
comment xorg-x11-doc is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503025
comment xorg-x11-doc is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451002
AND
comment xorg-x11-Xvfb is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503027
comment xorg-x11-Xvfb is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451026
AND
comment xorg-x11-xdm is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503029
comment xorg-x11-xdm is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451008
AND
comment xorg-x11-Xnest is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503031
comment xorg-x11-Xnest is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451006
AND
comment xorg-x11-xfs is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503033
comment xorg-x11-xfs is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451012

AND

comment xorg-x11-deprecated-libs-devel is earlier than 0:6.8.2-1.EL.33.0.4
oval oval:com.redhat.rhsa:tst:20080503035
comment xorg-x11-deprecated-libs-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060451016

rhsa

id	RHSA-2008:0503
released	2008-06-11
severity	Important
title	RHSA-2008:0503: xorg-x11 security update (Important)

rhsa
id RHSA-2008:0502
rhsa
id RHSA-2008:0504

rpms

XFree86-0:4.3.0-128.EL
XFree86-100dpi-fonts-0:4.3.0-128.EL
XFree86-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-14-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-14-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-15-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-15-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-2-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-2-75dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-9-100dpi-fonts-0:4.3.0-128.EL
XFree86-ISO8859-9-75dpi-fonts-0:4.3.0-128.EL
XFree86-Mesa-libGL-0:4.3.0-128.EL
XFree86-Mesa-libGLU-0:4.3.0-128.EL
XFree86-Xnest-0:4.3.0-128.EL
XFree86-Xvfb-0:4.3.0-128.EL
XFree86-base-fonts-0:4.3.0-128.EL
XFree86-cyrillic-fonts-0:4.3.0-128.EL
XFree86-devel-0:4.3.0-128.EL
XFree86-doc-0:4.3.0-128.EL
XFree86-font-utils-0:4.3.0-128.EL
XFree86-libs-0:4.3.0-128.EL
XFree86-libs-data-0:4.3.0-128.EL
XFree86-sdk-0:4.3.0-128.EL
XFree86-syriac-fonts-0:4.3.0-128.EL
XFree86-tools-0:4.3.0-128.EL
XFree86-truetype-fonts-0:4.3.0-128.EL
XFree86-twm-0:4.3.0-128.EL
XFree86-xauth-0:4.3.0-128.EL
XFree86-xdm-0:4.3.0-128.EL
XFree86-xfs-0:4.3.0-128.EL
xorg-x11-0:6.8.2-1.EL.33.0.4
xorg-x11-Mesa-libGL-0:6.8.2-1.EL.33.0.4
xorg-x11-Mesa-libGLU-0:6.8.2-1.EL.33.0.4
xorg-x11-Xdmx-0:6.8.2-1.EL.33.0.4
xorg-x11-Xnest-0:6.8.2-1.EL.33.0.4
xorg-x11-Xvfb-0:6.8.2-1.EL.33.0.4
xorg-x11-deprecated-libs-0:6.8.2-1.EL.33.0.4
xorg-x11-deprecated-libs-devel-0:6.8.2-1.EL.33.0.4
xorg-x11-devel-0:6.8.2-1.EL.33.0.4
xorg-x11-doc-0:6.8.2-1.EL.33.0.4
xorg-x11-font-utils-0:6.8.2-1.EL.33.0.4
xorg-x11-libs-0:6.8.2-1.EL.33.0.4
xorg-x11-sdk-0:6.8.2-1.EL.33.0.4
xorg-x11-tools-0:6.8.2-1.EL.33.0.4
xorg-x11-twm-0:6.8.2-1.EL.33.0.4
xorg-x11-xauth-0:6.8.2-1.EL.33.0.4
xorg-x11-xdm-0:6.8.2-1.EL.33.0.4
xorg-x11-xfs-0:6.8.2-1.EL.33.0.4
xorg-x11-server-Xdmx-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xephyr-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xnest-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xorg-0:1.1.1-48.41.el5_2.1
xorg-x11-server-Xvfb-0:1.1.1-48.41.el5_2.1
xorg-x11-server-debuginfo-0:1.1.1-48.41.el5_2.1
xorg-x11-server-sdk-0:1.1.1-48.41.el5_2.1

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 29665 CVE(CAN) ID: CVE-2008-2361 Xorg X Server是多个厂商操作系统中所捆绑的X窗口系统显示服务器。 X.Org X Server的RENDER扩展中的ProcRenderCreateCursor()函数在解析客户端请求时直接将请求中的值用于计算动态缓冲区的大小。这个计算中可能出现整数溢出，导致分配不充分的缓冲区和访问无效内存，X Server可能会崩溃。如果攻击者能够访问控制台的话，就可以通过向受影响的X服务器发送命令触发这个溢出；如果将X服务器配置为监听基于TCP的客户端连接，且允许客户端通过xhosts文件创建会话，就可以远程利用这些漏洞。 X.org X11 R7.3 临时解决方法： * 禁用有漏洞的扩展： Section "Extensions" Option "RENDER" "disable" EndSection 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1595-1）以及相应补丁: DSA-1595-1：New xorg-server packages fix several vulnerabilities 链接：<a href=http://www.debian.org/security/2008/dsa-1595 target=_blank>http://www.debian.org/security/2008/dsa-1595</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz</a> Size/MD5 checksum: 8388609 15852049050e49f380f953d8715500b9 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.diff.gz target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.diff.gz</a> Size/MD5 checksum: 632764 c982d4e00ede14d7627297a457d0320b <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.dsc target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.dsc</a> Size/MD5 checksum: 2024 fc534ccff948c702a4ef0cf531deaccf alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 353656 2706862a69138ee94fcbb31211e0c4a5 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 4455548 ff3a26b71c5e317258df73baa97ab7e2 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 1030886 44ff2d44fcfaf0473e7bdc43180f0beb <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 1767104 79c0289e2d897f6173240887459a6bd4 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 1930704 c6ef24273a6f88b77088e2cd8cd8db1e <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 140478 286561a4926171499be367df85bc7146 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_alpha.deb</a> Size/MD5 checksum: 1964526 22a6658d46f631e0a60c618dd4fb723d amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 134018 08d9419fdbff4f1e163122fa5112e336 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 1654086 37abd310608a1204a95e90878fd0e1d1 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 859948 37099efb5371cb17f6689e3c90dd0038 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 1472576 c0e587f113cc6fd656587ed08959bff2 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 1622812 ccb434f8e7dc1908c61652f71a4512cd <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 350956 5cf742aa111b5e006d015e85bb7afdfb <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_amd64.deb</a> Size/MD5 checksum: 3919134 e1befedf8342c06a50ea3dd84ac5da5f arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 125572 4f0f268985c0596e0f5b059459308abd <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 3778010 e716984d0990375c62a0d5a4a5cbabc0 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 352298 462cb5ee2ccfb0d220a94413b4fa0e77 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 1446028 cd0fca4306ea72641d82bcf8751fc418 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 1598864 db43f26ed6a6f1b3125e0af7920b3f89 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 854518 16a33b692e5ca981e6a7e71a15e650bb <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_arm.deb</a> Size/MD5 checksum: 1622894 0c2289bee8b093b0f9c3328faebcb02e hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 1822068 48fe44f3fdf125336657a8c1b019daf8 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 1662618 64d8f779fcce4a61b1556a5f13669204 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 4400602 0f72c68314ef61163178688104e2cf8d <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 353908 5ffc6917aff7513248e4042617197871 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 910136 59828e23227be68ea9553b2cf71328e9 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 1854792 9b60b9f61b0481817166b94c261c6c44 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_hppa.deb</a> Size/MD5 checksum: 134908 649b2e1b4d1f2349305d1a8345bc2b4a i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 1388494 2d75e017e06d12fef00abd3516b19aa1 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 808458 f243812b25df4f648a428fbe0e53f387 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 1538312 cd554920bc9601c748383d64bd4072ac <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 121818 ed0f888cfc27db61a3e8f723b93ad1bb <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 345606 72c2acb632d6c86fdcd2b05759747ec8 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 3655134 44748e455c0430134e2b81704276ab64 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_i386.deb</a> Size/MD5 checksum: 1563522 a68b5bb2ded4aaeb38af7bb1d069eaa1 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 2496678 f696eadca3cc5646d5c5cfa3d45f737e <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 2448490 5e86a9c9f46fdae3d838df88a6a08f29 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 5491656 0778e3c6a23cd6190f789b5b790526ed <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 2220690 6e88b371e6de346a26a5b157601e13f3 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 161788 cd678648723e9cab464144dab81f7b3d <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 1306936 ff26354f105c0b08424588b5dd44023a <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_ia64.deb</a> Size/MD5 checksum: 345528 aab6138fba10180d29e2a849aa5d1d11 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 137652 cbaf8796e7f4db0dc869ff9607caa230 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 3842442 38aa5e3b6cf0ed22f0322d7acad35d10 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 1682974 0a04a328ea52ac64d6d3b35b4aafc2d6 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 1537288 9d0cf23ee7ef9ebb25467e1ec15659e2 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 1714678 a7dc64ea9d8ea2b4c88075235f2c465d <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 862590 dae745db6339d6b3ee874f9cf5991d7c <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_mips.deb</a> Size/MD5 checksum: 353814 3a0181d7c775dce97018d5457c75bf33 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 134954 f61f2419ef8fad397243d7efc638db98 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 345558 f5ba2c73c9a1ed528b7ff1ba173f0114 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 1528702 5d453afbb299c865d1c75daf8eb2bf64 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 1674800 6324ac98164b8a9afa527149494ea044 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 1709264 6a837175dff2a568b8bc81007038c1eb <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 3710732 b554e87fb4100c6495853da0b09df739 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_mipsel.deb</a> Size/MD5 checksum: 862620 b1cf7114eda921f92e0c49a2ec081682 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 842676 0db68c7ca974d3e136f296d8651efb07 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 3983816 8a1b74966c423a5c473997a46abb55c1 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 1612710 57561a7d212cadb23fe56e4e663d3274 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 1448654 2fba5a0781f499ffed19e04f8d0ebb21 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 1587794 c4054528cfcc1d159769002064633724 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 345594 68d046b496080fb1bf02f874b76a47c0 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_powerpc.deb</a> Size/MD5 checksum: 136982 f9736a4fe2dc18a6b48e64c08012204a s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 4132622 f4a24c252b0c631f9f167b17ccaee281 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 1740820 dc93f80715edf4824e0ab9132f2cec4c <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 1566750 f62c4b61e2bdc5a04c4a5365af064313 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 130744 b5c7f27981f36b56d6a5c640514f3ee6 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 345526 048f84d8a5e196fedff3c96dcecfcedd <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 885218 bdd1fda7f1340585fd9884ace64f12c2 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_s390.deb</a> Size/MD5 checksum: 1709994 54fd0c7a4ccaf8c739d77d1b4a2af64f sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 346026 fa0865d3f1c20f78a8c7f8cf862a19c2 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 1524636 f1173aaf52f47a537cdf0d101d59118b <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 1392106 616401ab84a3aacfc160a1778905db3e <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 1548902 df4d826882bc583849c18f956986f12b <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 120070 20a1f9d22a7c91443e24a903e34c89ae <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 779658 fbe53553bbb53dabb36bdaabce4dfc17 <a href=http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_sparc.deb</a> Size/MD5 checksum: 3697696 266f42a55e01cca9a1cae85eaf35e67e 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2008:0503-01）以及相应补丁: RHSA-2008:0503-01：Important: xorg-x11 security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0503.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0503.html</a> Sun --- Sun已经为此发布了一个安全公告（Sun-Alert-238686）以及相应补丁: Sun-Alert-238686：Multiple security vulnerabilities in the Solaris X Server Extensions may lead to a Denial of Service (DoS) condition or allow Execution of Arbitrary Code 链接：<a href=http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238686-1 target=_blank>http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238686-1</a> X.org ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff target=_blank>ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff</a>
id	SSV:3424
last seen	2017-11-19
modified	2008-06-14
published	2008-06-14
reporter	Root
title	X.Org X server RENDER扩展ProcRenderCreateCursor()拒绝服务漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

Seebug

References