Vulnerabilities > CVE-2013-4396 - Resource Management Errors vulnerability in X X.Org X11
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. Per: https://bugzilla.redhat.com/show_bug.cgi?id=1014561 "' A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges.'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | X
| 22 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1990-1.NASL description Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. (CVE-2013-4396) It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. (CVE-2013-1056). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 70492 published 2013-10-18 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70492 title Ubuntu 12.04 LTS / 12.10 / 13.04 : xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities (USN-1990-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1990-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(70492); script_version("1.8"); script_cvs_date("Date: 2019/09/19 12:54:29"); script_cve_id("CVE-2013-1056", "CVE-2013-4396"); script_bugtraq_id(62892); script_xref(name:"USN", value:"1990-1"); script_name(english:"Ubuntu 12.04 LTS / 12.10 / 13.04 : xorg-server, xorg-server-lts-quantal, xorg-server-lts-raring vulnerabilities (USN-1990-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Pedro Ribeiro discovered that the X.Org X server incorrectly handled memory operations when handling ImageText requests. An attacker could use this issue to cause X.Org to crash, or to possibly execute arbitrary code. (CVE-2013-4396) It was discovered that non-root X.Org X servers such as Xephyr incorrectly used cached xkb files. A local attacker could use this flaw to cause a xkb cache file to be loaded by another user, resulting in a denial of service. (CVE-2013-1056). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1990-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected xserver-xorg-core, xserver-xorg-core-lts-quantal and / or xserver-xorg-core-lts-raring packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-lts-quantal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-lts-raring"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/10"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|12\.10|13\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 12.10 / 13.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"xserver-xorg-core", pkgver:"2:1.11.4-0ubuntu10.14")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"xserver-xorg-core-lts-quantal", pkgver:"2:1.13.0-0ubuntu6.1~precise4")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"xserver-xorg-core-lts-raring", pkgver:"2:1.13.3-0ubuntu6~precise3")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"xserver-xorg-core", pkgver:"2:1.13.0-0ubuntu6.4")) flag++; if (ubuntu_check(osver:"13.04", pkgname:"xserver-xorg-core", pkgver:"2:1.13.3-0ubuntu6.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xserver-xorg-core / xserver-xorg-core-lts-quantal / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-3964.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-27 plugin id 82279 published 2015-03-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82279 title Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-3964. # include("compat.inc"); if (description) { script_id(82279); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_xref(name:"FEDORA", value:"2015-3964"); script_name(english:"Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs's four-digit version string. Thanks to Nito Martinez from TheQVD project! - Fix unowned directories - Minor cleanup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152878.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?98af766f" ); script_set_attribute( attribute:"solution", value:"Update the affected nx-libs package." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nx-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"nx-libs-3.5.0.29-1.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nx-libs"); }NASL family AIX Local Security Checks NASL id AIX_IV53331.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72070 published 2014-01-22 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72070 title AIX 5.3 TL 12 : xorg (IV53331) NASL family AIX Local Security Checks NASL id AIX_IV52185.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72068 published 2014-01-22 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72068 title AIX 7.1 TL 1 : xorg (IV52185) NASL family AIX Local Security Checks NASL id AIX_IV53246.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72288 published 2014-02-05 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72288 title AIX 7.1 TL 3 : xorg (IV53246) NASL family AIX Local Security Checks NASL id AIX_IV52181.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72066 published 2014-01-22 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72066 title AIX 6.1 TL 7 : xorg (IV52181) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9A57C6073CAB11E3B4D9BCAEC565249C.NASL description Alan Coopersmith reports : Pedro Ribeiro (pedrib at gmail.com) reported an issue to the X.Org security team in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. last seen 2020-06-01 modified 2020-06-02 plugin id 70595 published 2013-10-25 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70595 title FreeBSD : xorg-server -- use-after-free (9a57c607-3cab-11e3-b4d9-bcaec565249c) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-259.NASL description Updated x11-server packages fix security vulnerability : Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure (CVE-2013-4396). last seen 2020-06-01 modified 2020-06-02 plugin id 70679 published 2013-10-29 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70679 title Mandriva Linux Security Advisory : x11-server (MDVSA-2013:259) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1426.NASL description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 70451 published 2013-10-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70451 title RHEL 5 / 6 : xorg-x11-server (RHSA-2013:1426) NASL family Fedora Local Security Checks NASL id FEDORA_2015-3948.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-27 plugin id 82278 published 2015-03-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82278 title Fedora 21 : nx-libs-3.5.0.29-1.fc21 (2015-3948) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2784.NASL description Pedro Ribeiro discovered a use-after-free in the handling of ImageText requests in the Xorg Xserver, which could result in denial of service or privilege escalation. last seen 2020-03-17 modified 2013-10-23 plugin id 70548 published 2013-10-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70548 title Debian DSA-2784-1 : xorg-server - use-after-free NASL family AIX Local Security Checks NASL id AIX_IV52184.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72067 published 2014-01-22 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72067 title AIX 6.1 TL 8 : xorg (IV52184) NASL family Scientific Linux Local Security Checks NASL id SL_20131015_XORG_X11_SERVER_ON_SL5_X.NASL description A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Users of proprietary drivers may need to reinstall the driver after applying this update. Some users have reported the inability to load X without reloading the nVidia or the ATI drivers. You can use last seen 2020-03-18 modified 2013-10-17 plugin id 70468 published 2013-10-17 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70468 title Scientific Linux Security Update : xorg-x11-server on SL5.x, SL6.x i386/x86_64 (20131015) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-807.NASL description Fixes the following security issue : - an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. (CVE-2013-4396, bnc#843652) and the following bug was fixed too : - rfbAuthReenable is accessing rfbClient structure that was in most cases already freed. It actually needs only ScreenPtr, so pass it directly. (bnc#816813) last seen 2020-06-05 modified 2014-06-13 plugin id 75179 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75179 title openSUSE Security Update : xorg-x11-server (openSUSE-SU-2013:1610-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-3953.NASL description Update to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs last seen 2020-06-05 modified 2015-03-23 plugin id 81988 published 2015-03-23 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81988 title Fedora 22 : nx-libs-3.5.0.29-1.fc22 (2015-3953) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-234.NASL description A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) last seen 2020-06-01 modified 2020-06-02 plugin id 70896 published 2013-11-14 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70896 title Amazon Linux AMI : xorg-x11-server (ALAS-2013-234) NASL family AIX Local Security Checks NASL id AIX_IV52186.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72069 published 2014-01-22 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72069 title AIX 7.1 TL 2 : xorg (IV52186) NASL family SuSE Local Security Checks NASL id SUSE_11_XORG-X11-XVNC-131022.NASL description xorg-x11-server was updated to fix the following security issue : - Fixed a security issue in which an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. (CVE-2013-4396, bnc#843652) A non-security issues was also fixed : - rfbAuthReenable is accessing rfbClient structure that was in most cases already freed. It actually needs only ScreenPtr, so pass it directly. (bnc#816813) last seen 2020-06-05 modified 2013-11-19 plugin id 70961 published 2013-11-19 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70961 title SuSE 11.2 / 11.3 Security Update : xorg-x11-server (SAT Patch Numbers 8463 / 8464) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1426.NASL description Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 70464 published 2013-10-17 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70464 title CentOS 5 / 6 : xorg-x11-server (CESA-2013:1426) NASL family AIX Local Security Checks NASL id AIX_IV52978.NASL description Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. last seen 2020-06-01 modified 2020-06-02 plugin id 72287 published 2014-02-05 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72287 title AIX 6.1 TL 9 : xorg (IV52978) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1426.NASL description From Red Hat Security Advisory 2013:1426 : Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A use-after-free flaw was found in the way the X.Org server handled ImageText requests. A malicious, authorized client could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with root privileges. (CVE-2013-4396) Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter. All xorg-x11-server users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 70450 published 2013-10-16 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70450 title Oracle Linux 5 / 6 : xorg-x11-server (ELSA-2013-1426) NASL family Solaris Local Security Checks NASL id SOLARIS11_XORG_20141014.NASL description The remote Solaris system is missing necessary patches to address security updates : - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure. (CVE-2013-4396) last seen 2020-06-01 modified 2020-06-02 plugin id 80821 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80821 title Oracle Solaris Third-Party Patch Update : xorg (cve_2013_4396_use_after) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-287-05.NASL description New xorg-server packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 70441 published 2013-10-15 reporter This script is Copyright (C) 2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70441 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : xorg-server (SSA:2013-287-05) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201405-07.NASL description The remote host is affected by the vulnerability described in GLSA-201405-07 (X.Org X Server: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in X.Org X Server. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 74028 published 2014-05-16 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74028 title GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00056.html
- http://lists.opensuse.org/opensuse-updates/2013-10/msg00060.html
- http://lists.x.org/archives/xorg-announce/2013-October/002332.html
- http://openwall.com/lists/oss-security/2013/10/08/6
- http://rhn.redhat.com/errata/RHSA-2013-1426.html
- http://www.debian.org/security/2013/dsa-2784
- http://www.securityfocus.com/bid/62892
- http://www.ubuntu.com/usn/USN-1990-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1014561