Vulnerabilities > CVE-2008-2362 - Numeric Errors vulnerability in X X11 R7.3

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
x
CWE-189
critical
nessus

Summary

Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.

Vulnerable Configurations

Part Description Count
Application
X
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12170.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption . (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id41215
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41215
    titleSuSE9 Security Update : XFree86 (YOU Patch Number 12170)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41215);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"SuSE9 Security Update : XFree86 (YOU Patch Number 12170)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense :
    
      - RENDER Extension heap buffer overflow. (CVE-2008-2360)
    
      - RENDER Extension crash. (CVE-2008-2361)
    
      - RENDER Extension memory corruption . (CVE-2008-2362)
    
      - MIT-SHM arbitrary memory read. (CVE-2008-1379)
    
      - RECORD and Security extensions memory corruption.
        (CVE-2008-1377)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1377.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1379.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2360.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2361.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2362.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12170.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xnest-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xprt-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xvfb-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-Xvnc-4.3.99.902-43.96")) flag++;
    if (rpm_check(release:"SUSE9", reference:"XFree86-server-4.3.99.902-43.96")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-616-1.NASL
    descriptionMultiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362) It was discovered that the MIT-SHM extension of X.org did not correctly validate the location of memory during an image copy. An authenticated attacker could exploit this to read arbitrary memory locations within X, exposing sensitive information. (CVE-2008-1379). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33199
    published2008-06-16
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33199
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-616-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33199);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
      script_bugtraq_id(29665, 29666, 29668, 29669, 29670);
      script_xref(name:"USN", value:"616-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : xorg-server vulnerabilities (USN-616-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple flaws were found in the RENDER, RECORD, and Security
    extensions of X.org which did not correctly validate function
    arguments. An authenticated attacker could send specially crafted
    requests and gain root privileges or crash X. (CVE-2008-1377,
    CVE-2008-2360, CVE-2008-2361, CVE-2008-2362)
    
    It was discovered that the MIT-SHM extension of X.org did not
    correctly validate the location of memory during an image copy. An
    authenticated attacker could exploit this to read arbitrary memory
    locations within X, exposing sensitive information. (CVE-2008-1379).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/616-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xnest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xvfb");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|7\.04|7\.10|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.04 / 7.10 / 8.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"xdmx", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xdmx-tools", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xnest", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-core", pkgver:"1:1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-dev", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"xvfb", pkgver:"1.0.2-0ubuntu10.13")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xdmx", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xdmx-tools", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xnest", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xserver-xephyr", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-core", pkgver:"2:1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-dev", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"xvfb", pkgver:"1.2.0-3ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xdmx", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xdmx-tools", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xnest", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xprint", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xprint-common", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xephyr", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core", pkgver:"2:1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core-dbg", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-dev", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"xvfb", pkgver:"1.3.0.0.dfsg-12ubuntu8.4")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xnest", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xephyr", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-core", pkgver:"2:1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-core-dbg", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xserver-xorg-dev", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"xvfb", pkgver:"1.4.1~git20080131-1ubuntu9.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdmx / xdmx-tools / xnest / xprint / xprint-common / xserver-xephyr / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-SERVER-5316.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)
    last seen2020-06-01
    modified2020-06-02
    plugin id33166
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33166
    titleopenSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xorg-x11-server-5316.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33166);
      script_version ("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2007-3920", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)");
      script_summary(english:"Check for the xorg-x11-server-5316 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense :
    
      - CVE-2008-2360 - RENDER Extension heap buffer overflow
    
      - CVE-2008-2361 - RENDER Extension crash
    
      - CVE-2008-2362 - RENDER Extension memory corruption 
    
      - CVE-2008-1379 - MIT-SHM arbitrary memory read
    
      - CVE-2008-1377 - RECORD and Security extensions memory
        corruption Additionally fixes for :
    
      - gnome-screensaver loses keyboard focus lock under compiz
        (CVE-2007-3920)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-7.2-30.15") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"xorg-x11-server-sdk-7.2-30.15") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server / xorg-x11-server-sdk");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_XORG-X11-XVNC-080616.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id40158
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40158
    titleopenSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xorg-x11-Xvnc-36.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40158);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"openSUSE Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-36)");
      script_summary(english:"Check for the xorg-x11-Xvnc-36 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense :
    
      - CVE-2008-2360 - RENDER Extension heap buffer overflow
    
      - CVE-2008-2361 - RENDER Extension crash
    
      - CVE-2008-2362 - RENDER Extension memory corruption 
    
      - CVE-2008-1379 - MIT-SHM arbitrary memory read
    
      - CVE-2008-1377 - RECORD and Security extensions memory
        corruption"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=374318"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-Xvnc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-Xvnc-7.3-110.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-7.3-110.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-extra-7.3-110.2") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"xorg-x11-server-sdk-7.3-110.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-Xvnc / xorg-x11-server / xorg-x11-server-extra / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5279.NASL
    descriptionFor further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33180
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33180
    titleFedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-5279.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33180);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
      script_xref(name:"FEDORA", value:"2008-5279");
    
      script_name(english:"Fedora 8 : xorg-x11-server-1.3.0.0-46.fc8 (2008-5279)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "For further details, see X.org security advisory:
    http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=445403"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=445414"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=448783"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=448784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=448785"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011389.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bad471f1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected xorg-x11-server package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"xorg-x11-server-1.3.0.0-46.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1595.NASL
    descriptionSeveral local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1377 Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. - CVE-2008-1379 An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. - CVE-2008-2360 An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. - CVE-2008-2361 An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. - CVE-2008-2362 Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters.
    last seen2020-06-01
    modified2020-06-02
    plugin id33176
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33176
    titleDebian DSA-1595-1 : xorg-server - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1595. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(33176);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
      script_bugtraq_id(29665, 29666, 29668, 29669, 29670);
      script_xref(name:"DSA", value:"1595");
    
      script_name(english:"Debian DSA-1595-1 : xorg-server - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several local vulnerabilities have been discovered in the X Window
    system. The Common Vulnerabilities and Exposures project identifies
    the following problems :
    
      - CVE-2008-1377
        Lack of validation of the parameters of the
        SProcSecurityGenerateAuthorization and
        SProcRecordCreateContext functions makes it possible for
        a specially crafted request to trigger the swapping of
        bytes outside the parameter of these requests, causing
        memory corruption.
    
      - CVE-2008-1379
        An integer overflow in the validation of the parameters
        of the ShmPutImage() request makes it possible to
        trigger the copy of arbitrary server memory to a pixmap
        that can subsequently be read by the client, to read
        arbitrary parts of the X server memory space.
    
      - CVE-2008-2360
        An integer overflow may occur in the computation of the
        size of the glyph to be allocated by the AllocateGlyph()
        function which will cause less memory to be allocated
        than expected, leading to later heap overflow.
    
      - CVE-2008-2361
        An integer overflow may occur in the computation of the
        size of the glyph to be allocated by the
        ProcRenderCreateCursor() function which will cause less
        memory to be allocated than expected, leading later to
        dereferencing un-mapped memory, causing a crash of the X
        server.
    
      - CVE-2008-2362
        Integer overflows can also occur in the code validating
        the parameters for the SProcRenderCreateLinearGradient,
        SProcRenderCreateRadialGradient and
        SProcRenderCreateConicalGradient functions, leading to
        memory corruption by swapping bytes outside of the
        intended request parameters."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-1379"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-2360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-2361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2008-2362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1595"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the xorg-server package.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2:1.1.1-21etch5."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xorg-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"xdmx", reference:"2:1.1.1-21etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"xdmx-tools", reference:"2:1.1.1-21etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"xnest", reference:"2:1.1.1-21etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"xserver-xephyr", reference:"2:1.1.1-21etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"xserver-xorg-core", reference:"2:1.1.1-21etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"xserver-xorg-dev", reference:"2:1.1.1-21etch5")) flag++;
    if (deb_check(release:"4.0", prefix:"xvfb", reference:"2:1.1.1-21etch5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-001.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
    last seen2020-06-01
    modified2020-06-02
    plugin id35684
    published2009-02-13
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35684
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-001)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3004) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35684);
      script_version("1.32");
      script_cvs_date("Date: 2018/07/16 12:48:31");
    
      script_cve_id("CVE-2006-1861", "CVE-2006-3467", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667",
                    "CVE-2007-4565", "CVE-2007-4965", "CVE-2008-1377", "CVE-2008-1379", "CVE-2008-1679",
                    "CVE-2008-1721", "CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808", "CVE-2008-1887",
                    "CVE-2008-1927", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-2360", "CVE-2008-2361",
                    "CVE-2008-2362", "CVE-2008-2379", "CVE-2008-2711", "CVE-2008-3142", "CVE-2008-3144",
                    "CVE-2008-3663", "CVE-2008-4864", "CVE-2008-5031", "CVE-2008-5050", "CVE-2008-5183",
                    "CVE-2008-5314", "CVE-2009-0009", "CVE-2009-0011", "CVE-2009-0012", "CVE-2009-0013",
                    "CVE-2009-0014", "CVE-2009-0015", "CVE-2009-0017", "CVE-2009-0018", "CVE-2009-0019",
                    "CVE-2009-0020", "CVE-2009-0137", "CVE-2009-0138", "CVE-2009-0139", "CVE-2009-0140",
                    "CVE-2009-0141", "CVE-2009-0142");
      script_bugtraq_id(25495, 25696, 28715, 28749, 28928, 29705, 30491, 31976, 32207, 32555,
                        33187, 33796, 33798, 33800, 33806, 33808, 33809, 33810, 33811, 33812,
                        33813, 33814, 33815, 33816, 33820, 33821);
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-001)");
      script_summary(english:"Check for the presence of Security Update 2009-001");
    
      script_set_attribute(  attribute:"synopsis",   value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."  );
      script_set_attribute( attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.5 or 10.4 that
    does not have Security Update 2009-001 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Server
      - Apple Pixlet Video
      - CarbonCore
      - CFNetwork
      - Certificate Assistant
      - ClamAV
      - CoreText
      - CUPS
      - DS Tools
      - fetchmail
      - Folder Manager
      - FSEvents
      - Network Time
      - perl
      - Printing
      - python
      - Remote Apple Events
      - Safari RSS
      - servermgrd
      - SMB
      - SquirrelMail
      - X11
      - XTerm"  );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/ht3438"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
      );
      script_set_attribute( attribute:"solution", value:
        "Install Security Update 2009-001 or later." );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(20, 79, 119, 189, 255, 264, 287, 310, 362, 399);
      script_set_attribute(attribute:"plugin_publication_date", value: "2009/02/13");
      script_set_attribute(attribute:"patch_publication_date", value: "2009/02/12");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
      exit(0);
    }
    
    #
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages");
      if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing.");
    
      if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[1-9]|20[1-9][0-9]-)", string:packages))
        exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else if (egrep(pattern:"Darwin.* (9\.[0-6]\.)", string:uname))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[1-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-001 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XGL-5528.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense for the included X server : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption. (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id34303
    published2008-09-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34303
    titleSuSE 10 Security Update : Xgl (ZYPP Patch Number 5528)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34303);
      script_version ("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"SuSE 10 Security Update : Xgl (ZYPP Patch Number 5528)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense for
    the included X server :
    
      - RENDER Extension heap buffer overflow. (CVE-2008-2360)
    
      - RENDER Extension crash. (CVE-2008-2361)
    
      - RENDER Extension memory corruption. (CVE-2008-2362)
    
      - MIT-SHM arbitrary memory read. (CVE-2008-1379)
    
      - RECORD and Security extensions memory corruption.
        (CVE-2008-1377)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1377.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-1379.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2360.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2361.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2008-2362.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5528.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:1, reference:"xgl-cvs_060522-0.37.9")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"xgl-cvs_060522-0.44")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XGL-5526.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense for the included X server : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id34302
    published2008-09-28
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34302
    titleopenSUSE 10 Security Update : xgl (xgl-5526)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xgl-5526.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(34302);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:33");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"openSUSE 10 Security Update : xgl (xgl-5526)");
      script_summary(english:"Check for the xgl-5526 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense for
    the included X server :
    
      - CVE-2008-2360 - RENDER Extension heap buffer overflow
    
      - CVE-2008-2361 - RENDER Extension crash
    
      - CVE-2008-2362 - RENDER Extension memory corruption 
    
      - CVE-2008-1379 - MIT-SHM arbitrary memory read
    
      - CVE-2008-1377 - RECORD and Security extensions memory
        corruption"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xgl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xgl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/09/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.2", reference:"xgl-cvs_060522-45") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"xgl-git_070104-77.6") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xgl");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_XGL-080815.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense for the included X server : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption
    last seen2020-06-01
    modified2020-06-02
    plugin id40155
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40155
    titleopenSUSE Security Update : xgl (xgl-155)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update xgl-155.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40155);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:31");
    
      script_cve_id("CVE-2008-1377", "CVE-2008-1379", "CVE-2008-2360", "CVE-2008-2361", "CVE-2008-2362");
    
      script_name(english:"openSUSE Security Update : xgl (xgl-155)");
      script_summary(english:"Check for the xgl-155 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes multiple vulnerabilities reported by iDefense for
    the included X server :
    
      - CVE-2008-2360 - RENDER Extension heap buffer overflow
    
      - CVE-2008-2361 - RENDER Extension crash
    
      - CVE-2008-2362 - RENDER Extension memory corruption 
    
      - CVE-2008-1379 - MIT-SHM arbitrary memory read
    
      - CVE-2008-1377 - RECORD and Security extensions memory
        corruption"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=332447"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=387544"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xgl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xgl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"xgl-git_071026-79.3") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xgl");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-116.NASL
    descriptionAn input validation flaw was found in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id38138
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38138
    titleMandriva Linux Security Advisory : x11-server (MDVSA-2008:116)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0504.NASL
    descriptionUpdated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id43690
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43690
    titleCentOS 5 : xorg-x11-server (CESA-2008:0504)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_800E8BD53ACB11DD8842001302A18722.NASL
    descriptionMatthieu Herrb of X.Org reports : Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code. When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges. All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.
    last seen2020-06-01
    modified2020-06-02
    plugin id33187
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33187
    titleFreeBSD : xorg -- multiple vulnerabilities (800e8bd5-3acb-11dd-8842-001302a18722)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0504.NASL
    descriptionUpdated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id33153
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33153
    titleRHEL 5 : xorg-x11-server (RHSA-2008:0504)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0504.NASL
    descriptionFrom Red Hat Security Advisory 2008:0504 : Updated xorg-x11-server packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. X.Org is an open source implementation of the X Window System. It provides basic low-level functionality that full-fledged graphical user interfaces are designed upon. An input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id67702
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67702
    titleOracle Linux 5 : xorg-x11-server (ELSA-2008-0504)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2008-183-01.NASL
    descriptionNew xorg-server packages are available for Slackware 12.1 and -current to fix security issues in xorg-server 1.4 prior to version 1.4.2.
    last seen2020-06-01
    modified2020-06-02
    plugin id33398
    published2008-07-08
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33398
    titleSlackware 12.1 / current : xorg-server (SSA:2008-183-01)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080611_XORG_X11_SERVER_ON_SL5_X.NASL
    descriptionAn input validation flaw was discovered in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id60423
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60423
    titleScientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-XVNC-5317.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption Additionally fixes for : - XvReputImage crashes due to Nulled PortPriv->pDraw - gnome-screensaver loses keyboard focus lock under compiz (CVE-2007-3920)
    last seen2020-06-01
    modified2020-06-02
    plugin id33165
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33165
    titleopenSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5285.NASL
    descriptionFor further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33181
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33181
    titleFedora 7 : xorg-x11-server-1.3.0.0-17.fc7 (2008-5285)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-179.NASL
    descriptionAn input validation flaw was found in X.org
    last seen2020-06-01
    modified2020-06-02
    plugin id36890
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36890
    titleMandriva Linux Security Advisory : metisse (MDVSA-2008:179)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XORG-X11-XNEST-5321.NASL
    descriptionThis update fixes multiple vulnerabilities reported by iDefense : - RENDER Extension heap buffer overflow. (CVE-2008-2360) - RENDER Extension crash. (CVE-2008-2361) - RENDER Extension memory corruption. (CVE-2008-2362) - MIT-SHM arbitrary memory read. (CVE-2008-1379) - RECORD and Security extensions memory corruption. (CVE-2008-1377)
    last seen2020-06-01
    modified2020-06-02
    plugin id33164
    published2008-06-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33164
    titleSuSE 10 Security Update : X.org (ZYPP Patch Number 5321)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200806-07.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200806-07 (X.Org X server: Multiple vulnerabilities) Regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The SProcSecurityGenerateAuthorization() and SProcRecordCreateContext() functions of the RECORD and Security extensions are lacking proper parameter validation (CVE-2008-1377). An integer overflow is possible in the function ShmPutImage() of the MIT-SHM extension (CVE-2008-1379). The RENDER extension contains several possible integer overflows in the AllocateGlyph() function (CVE-2008-2360) which could possibly lead to a heap-based buffer overflow. Further possible integer overflows have been found in the ProcRenderCreateCursor() function (CVE-2008-2361) as well as in the SProcRenderCreateLinearGradient(), SProcRenderCreateRadialGradient() and SProcRenderCreateConicalGradient() functions (CVE-2008-2362). Impact : Exploitation of these vulnerabilities could possibly lead to the remote execution of arbitrary code with root privileges, if the server is running as root, which is the default. It is also possible to crash the server by making use of these vulnerabilities. Workaround : It is possible to avoid these vulnerabilities by disabling the affected server extensions. Therefore edit the configuration file (/etc/X11/xorg.conf) to contain the following in the appropriate places: Section
    last seen2020-06-01
    modified2020-06-02
    plugin id33243
    published2008-06-24
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33243
    titleGLSA-200806-07 : X.Org X server: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-5254.NASL
    descriptionFor further details, see X.org security advisory: http://lists.freedesktop.org/archives/xorg/2008-June/036026.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id33179
    published2008-06-16
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33179
    titleFedora 9 : xorg-x11-server-1.4.99.902-3.20080612.fc9 (2008-5254)

Oval

accepted2013-04-29T04:12:38.817-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionMultiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
familyunix
idoval:org.mitre.oval:def:11246
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMultiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption.
version19

Redhat

advisories
bugzilla
id448785
titleCVE-2008-2362 X.org Render extension input validation flaw causing memory corruption
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentxorg-x11-server-Xvfb is earlier than 0:1.1.1-48.41.el5_2.1
          ovaloval:com.redhat.rhsa:tst:20080504001
        • commentxorg-x11-server-Xvfb is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070127004
      • AND
        • commentxorg-x11-server-Xdmx is earlier than 0:1.1.1-48.41.el5_2.1
          ovaloval:com.redhat.rhsa:tst:20080504003
        • commentxorg-x11-server-Xdmx is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070127008
      • AND
        • commentxorg-x11-server-Xorg is earlier than 0:1.1.1-48.41.el5_2.1
          ovaloval:com.redhat.rhsa:tst:20080504005
        • commentxorg-x11-server-Xorg is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070127006
      • AND
        • commentxorg-x11-server-Xnest is earlier than 0:1.1.1-48.41.el5_2.1
          ovaloval:com.redhat.rhsa:tst:20080504007
        • commentxorg-x11-server-Xnest is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070127010
      • AND
        • commentxorg-x11-server-Xephyr is earlier than 0:1.1.1-48.41.el5_2.1
          ovaloval:com.redhat.rhsa:tst:20080504009
        • commentxorg-x11-server-Xephyr is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070127012
      • AND
        • commentxorg-x11-server-sdk is earlier than 0:1.1.1-48.41.el5_2.1
          ovaloval:com.redhat.rhsa:tst:20080504011
        • commentxorg-x11-server-sdk is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070127002
rhsa
idRHSA-2008:0504
released2008-06-11
severityImportant
titleRHSA-2008:0504: xorg-x11-server security update (Important)
rpms
  • xorg-x11-server-Xdmx-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xephyr-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xnest-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xorg-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-Xvfb-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-debuginfo-0:1.1.1-48.41.el5_2.1
  • xorg-x11-server-sdk-0:1.1.1-48.41.el5_2.1

References