Vulnerabilities > CVE-2010-1166 - Numeric Errors vulnerability in X X.Org 7.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.
Common Weakness Enumeration (CWE)
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0382.NASL description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this issue to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-1166) Users of xorg-x11-server should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 46758 published 2010-06-01 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46758 title CentOS 5 : xorg-x11-server (CESA-2010:0382) NASL family SuSE Local Security Checks NASL id SUSE_11_XORG-X11-XVNC-100819.NASL description The X.Org X11 Server was updated to fix several bugs and 2 security issues : - This fix adds a workaround for overlapping stacks and heaps in case of OOM conditions.This workaround is necessary if the kernel is not properly adding guard or gap-pages below the stack. (CVE-2010-2240) - The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. (CVE-2010-1166) Non-Security Bugs fixed : - Fix some shortcomings in the Xdmcp implementation. It used to suppress loopback addresses from the list of potential display addresses to report to xdm, even when talking to xdm through a loopback address. Now only display addresses of the same kind as the xdm connection are reported to xdm. - This most notably helps Xvnc servers contacting the local xdm, because they were severely affected by the suppression of last seen 2020-06-01 modified 2020-06-02 plugin id 51636 published 2011-01-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51636 title SuSE 11.1 Security Update : Xorg (SAT Patch Number 2968) NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-XVNC-7126.NASL description The X.Org X11 Server was updated to fix several bugs and 2 security issues : - This fix adds a workaround for overlapping stacks and heaps in case of OOM conditions.This workaround is necessary if the kernel is not properly adding guard or gap-pages below the stack. (CVE-2010-2240) - The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. (CVE-2010-1166) Non-Security Bugs fixed : - Fix some shortcomings in the Xdmcp implementation. It used to suppress loopback addresses from the list of potential display addresses to report to xdm, even when talking to xdm through a loopback address. Now only display addresses of the same kind as the xdm connection are reported to xdm. - This most notably helps Xvnc servers contacting the local xdm, because they were severely affected by the suppression of last seen 2020-06-01 modified 2020-06-02 plugin id 49934 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49934 title SuSE 10 Security Update : Xorg (ZYPP Patch Number 7126) NASL family SuSE Local Security Checks NASL id SUSE_11_2_XORG-X11-XVNC-100805.NASL description This update fixes a memory corruption in the X Render extension in the X server. CVE-2010-1166: The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. last seen 2020-06-01 modified 2020-06-02 plugin id 49139 published 2010-09-08 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49139 title openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2010:0583-1) NASL family SuSE Local Security Checks NASL id SUSE9_12612.NASL description X clients could cause a memory corruption in the X Render extension which crashes the X server (CVE-2010-1166). This has been fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 47688 published 2010-07-09 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/47688 title SuSE9 Security Update : XFree86 (YOU Patch Number 12612) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0382.NASL description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this issue to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-1166) Users of xorg-x11-server should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 46303 published 2010-05-11 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46303 title RHEL 5 : xorg-x11-server (RHSA-2010:0382) NASL family Scientific Linux Local Security Checks NASL id SL_20100428_XORG_X11_SERVER_ON_SL5_X.NASL description An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this issue to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-1166) All running X.Org server instances must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60786 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60786 title Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_XORG-X11-7002.NASL description X clients could cause a memory corruption in the X Render extension which crashes the X server (CVE-2010-1166). This has been fixed. last seen 2020-06-01 modified 2020-06-02 plugin id 49933 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49933 title SuSE 10 Security Update : xorg-x11 (ZYPP Patch Number 7002) NASL family SuSE Local Security Checks NASL id SUSE9_12638.NASL description The X.Org X11 Server was updated to fix 2 security issues : - This fix adds a workaround for overlapping stacks and heaps in case of OOM conditions.This workaround is necessary if the kernel is not properly adding guard or gap-pages below the stack. (CVE-2010-2240) - The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. (CVE-2010-1166) last seen 2020-06-01 modified 2020-06-02 plugin id 49757 published 2010-10-06 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49757 title SuSE9 Security Update : XFree86-server (YOU Patch Number 12638) NASL family SuSE Local Security Checks NASL id SUSE_11_3_XORG-X11-XVNC-100819.NASL description The X.Org X11 Server was updated to fix several bugs and 2 security issues : Two security issues were fixed: CVE-2010-2240: This fix adds a workaround for overlapping stacks and heaps in case of OOM conditions.This workaround is necessary if the kernel is not properly adding guard or gap-pages below the stack. CVE-2010-1166: The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. Non-Security Bugs fixed: Fix some shortcomings in the Xdmcp implementation. It used to suppress loopback addresses from the list of potential display addresses to report to xdm, even when talking to xdm through a loopback address. Now only display addresses of the same kind as the xdm connection are reported to xdm. This most notably helps Xvnc servers contacting the local xdm, because they were severely affected by the suppression of loopback addresses. last seen 2020-06-01 modified 2020-06-02 plugin id 75779 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75779 title openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2010:0561-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0382.NASL description From Red Hat Security Advisory 2010:0382 : Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this issue to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2010-1166) Users of xorg-x11-server should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68035 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68035 title Oracle Linux 5 : xorg-x11-server (ELSA-2010-0382) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-939-1.NASL description Loic Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. (CVE-2009-1573) It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. (CVE-2010-1166). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 46672 published 2010-05-19 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/46672 title Ubuntu 8.04 LTS / 9.04 / 9.10 : xorg-server vulnerabilities (USN-939-1)
Oval
accepted | 2013-04-29T04:01:48.821-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:10112 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
title | The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition. | ||||||||||||
version | 19 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=495733
- http://securitytracker.com/id?1023929
- http://secunia.com/advisories/39650
- http://cgit.freedesktop.org/xorg/xserver/commit/?id=d2f813f7db
- https://bugzilla.redhat.com/show_bug.cgi?id=582601
- https://rhn.redhat.com/errata/RHSA-2010-0382.html
- http://www.vupen.com/english/advisories/2010/1185
- http://secunia.com/advisories/39834
- http://www.ubuntu.com/usn/USN-939-1
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10112