Vulnerabilities > CVE-2013-6462 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in X Libxfont

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
x
CWE-119
critical
nessus

Summary

Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3964.NASL
    descriptionUpdate to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs
    last seen2020-06-05
    modified2015-03-27
    plugin id82279
    published2015-03-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82279
    titleFedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-3964.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82279);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_xref(name:"FEDORA", value:"2015-3964");
    
      script_name(english:"Fedora 20 : nx-libs-3.5.0.29-1.fc20 (2015-3964)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 3.5.0.29 :
    
      - further reduction of code size by Mike Gabriel
    
        - ~/.x2go/config/keystrokes.cfg,
          /etc/x2go/keystrokes.cfg and
          /etc/nxagent/keystrokes.cfg are now respected thanks
          to Horst Schirmeier
    
      - security fixes for CVE-2011-2895, CVE-2011-4028,
        CVE-2013-4396, CVE-2013-6462, CVE-2014-0209,
        CVE-2014-0210, CVE-2014-0211, CVE-2014-8092,
        CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
        CVE-2014-8099, CVE-2014-8100, CVE-2014-8102,
        CVE-2014-8101, CVE-2014-8093, CVE-2014-8098,
        CVE-2015-0255 by Michael DePaulo
    
      - other (build) bug fixes
    
    Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt
    applications when Xfixes extension is enabled in NX. Thanks to Ulrich
    Sibiller! o Adapt X11 launchd socket path for recent Mac OS X
    versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on
    systems that had dpkg-dev installed) and all RPM based distros. o
    Partly make nxcomp aware of nx-libs's four-digit version string.
    Thanks to Nito Martinez from TheQVD project!
    
      - Fix unowned directories
    
        - Minor cleanup
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152878.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?98af766f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nx-libs package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nx-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"nx-libs-3.5.0.29-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nx-libs");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-282.NASL
    descriptionA stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462)
    last seen2020-06-01
    modified2020-06-02
    plugin id72300
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72300
    titleAmazon Linux AMI : libXfont (ALAS-2014-282)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-282.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72300);
      script_version("1.5");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2013-6462");
      script_xref(name:"ALAS", value:"2014-282");
      script_xref(name:"RHSA", value:"2014:0018");
    
      script_name(english:"Amazon Linux AMI : libXfont (ALAS-2014-282)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A stack-based buffer overflow flaw was found in the way the libXfont
    library parsed Glyph Bitmap Distribution Format (BDF) fonts. A
    malicious, local user could exploit this issue to potentially execute
    arbitrary code with the privileges of the X.Org server.
    (CVE-2013-6462)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-282.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update libXfont' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libXfont-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"libXfont-1.4.5-3.8.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libXfont-debuginfo-1.4.5-3.8.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"libXfont-devel-1.4.5-3.8.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-debuginfo / libXfont-devel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0018.NASL
    descriptionFrom Red Hat Security Advisory 2014:0018 : Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462) Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id71908
    published2014-01-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71908
    titleOracle Linux 5 / 6 : libxfont (ELSA-2014-0018)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0018 and 
    # Oracle Linux Security Advisory ELSA-2014-0018 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71908);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      script_cve_id("CVE-2013-6462");
      script_bugtraq_id(64694);
      script_xref(name:"RHSA", value:"2014:0018");
    
      script_name(english:"Oracle Linux 5 / 6 : libxfont (ELSA-2014-0018)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0018 :
    
    Updated libXfont packages that fix one security issue are now
    available for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The libXfont packages provide the X.Org libXfont runtime library.
    X.Org is an open source implementation of the X Window System.
    
    A stack-based buffer overflow flaw was found in the way the libXfont
    library parsed Glyph Bitmap Distribution Format (BDF) fonts. A
    malicious, local user could exploit this issue to potentially execute
    arbitrary code with the privileges of the X.Org server.
    (CVE-2013-6462)
    
    Users of libXfont should upgrade to these updated packages, which
    contain a backported patch to resolve this issue. All running X.Org
    server instances must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-January/003910.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-January/003911.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxfont packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libXfont");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libXfont-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"libXfont-1.2.2-1.0.5.el5_10")) flag++;
    if (rpm_check(release:"EL5", reference:"libXfont-devel-1.2.2-1.0.5.el5_10")) flag++;
    
    if (rpm_check(release:"EL6", reference:"libXfont-1.4.5-3.el6_5")) flag++;
    if (rpm_check(release:"EL6", reference:"libXfont-devel-1.4.5-3.el6_5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-devel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0018.NASL
    descriptionUpdated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462) Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id71909
    published2014-01-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71909
    titleRHEL 5 / 6 : libXfont (RHSA-2014:0018)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0018. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71909);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-6462");
      script_xref(name:"RHSA", value:"2014:0018");
    
      script_name(english:"RHEL 5 / 6 : libXfont (RHSA-2014:0018)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated libXfont packages that fix one security issue are now
    available for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The libXfont packages provide the X.Org libXfont runtime library.
    X.Org is an open source implementation of the X Window System.
    
    A stack-based buffer overflow flaw was found in the way the libXfont
    library parsed Glyph Bitmap Distribution Format (BDF) fonts. A
    malicious, local user could exploit this issue to potentially execute
    arbitrary code with the privileges of the X.Org server.
    (CVE-2013-6462)
    
    Users of libXfont should upgrade to these updated packages, which
    contain a backported patch to resolve this issue. All running X.Org
    server instances must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6462"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected libXfont, libXfont-debuginfo and / or
    libXfont-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libXfont");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libXfont-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libXfont-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0018";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"libXfont-1.2.2-1.0.5.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"libXfont-debuginfo-1.2.2-1.0.5.el5_10")) flag++;
    
      if (rpm_check(release:"RHEL5", reference:"libXfont-devel-1.2.2-1.0.5.el5_10")) flag++;
    
    
      if (rpm_check(release:"RHEL6", reference:"libXfont-1.4.5-3.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libXfont-debuginfo-1.4.5-3.el6_5")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"libXfont-devel-1.4.5-3.el6_5")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont / libXfont-debuginfo / libXfont-devel");
      }
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_28C575FA784E11E38249001CC0380077.NASL
    descriptionfreedesktop.org reports : A BDF font file containing a longer than expected string can cause a buffer overflow on the stack. Testing in X servers built with Stack Protector restulted in an immediate crash when reading a user-proveded specially crafted font. As libXfont is used to read user-specified font files in all X servers distributed by X.Org, including the Xorg server which is often run with root privileges or as setuid-root in order to access hardware, this bug may lead to an unprivileged user acquiring root privileges in some systems.
    last seen2020-06-01
    modified2020-06-02
    plugin id71874
    published2014-01-09
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71874
    titleFreeBSD : libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont (28c575fa-784e-11e3-8249-001cc0380077)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71874);
      script_version("1.6");
      script_cvs_date("Date: 2018/11/21 10:46:31");
    
      script_cve_id("CVE-2013-6462");
    
      script_name(english:"FreeBSD : libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont (28c575fa-784e-11e3-8249-001cc0380077)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "freedesktop.org reports :
    
    A BDF font file containing a longer than expected string can cause a
    buffer overflow on the stack. Testing in X servers built with Stack
    Protector restulted in an immediate crash when reading a user-proveded
    specially crafted font.
    
    As libXfont is used to read user-specified font files in all X servers
    distributed by X.Org, including the Xorg server which is often run
    with root privileges or as setuid-root in order to access hardware,
    this bug may lead to an unprivileged user acquiring root privileges in
    some systems."
      );
      # http://lists.x.org/archives/xorg-announce/2014-January/002389.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.x.org/archives/xorg-announce/2014-January/002389.html"
      );
      # https://vuxml.freebsd.org/freebsd/28c575fa-784e-11e3-8249-001cc0380077.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc04901a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:libXfont");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"libXfont<1.4.7,1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0041.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original reporter of CVE-2013-5606. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-6462 (libXfont issue) CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues) CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues) CVE-2013-6450 (openssl issue) CVE-2013-6425 (pixman issue) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78994
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78994
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:0041)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0041. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78994);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-4353", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-6449");
      script_bugtraq_id(63737, 63738, 64530, 64691);
      script_xref(name:"RHSA", value:"2014:0041");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0041)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes multiple security
    issues is now available.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: a subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    Upgrade Note: If you upgrade Red Hat Enterprise Virtualization
    Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration
    portal, configuration of the previous system appears to be lost when
    reported in the TUI. However, this is an issue in the TUI itself, not
    in the upgrade process; the configuration of the system is not
    affected.
    
    A flaw was found in the way NSS handled invalid handshake packets. A
    remote attacker could use this flaw to cause a TLS/SSL client using
    NSS to crash or, possibly, execute arbitrary code with the privileges
    of the user running the application. (CVE-2013-5605)
    
    A flaw was found in the way OpenSSL determined which hashing algorithm
    to use when TLS protocol version 1.2 was enabled. This could possibly
    cause OpenSSL to use an incorrect hashing algorithm, leading to a
    crash of an application using the library. (CVE-2013-6449)
    
    A NULL pointer dereference flaw was found in the way OpenSSL handled
    TLS/SSL protocol handshake packets. A specially crafted handshake
    packet could cause a TLS/SSL client using OpenSSL to crash.
    (CVE-2013-4353)
    
    It was discovered that NSS did not reject certificates with
    incompatible key usage constraints when validating them while the
    verifyLog feature was enabled. An application using the NSS
    certificate validation API could accept an invalid certificate.
    (CVE-2013-5606)
    
    Red Hat would like to thank the Mozilla project for reporting
    CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original
    reporter of CVE-2013-5606.
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2013-6462 (libXfont issue)
    
    CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues)
    
    CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues)
    
    CVE-2013-6450 (openssl issue)
    
    CVE-2013-6425 (pixman issue)
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which corrects these issues."
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-5605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4353"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0041";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20140112.0.el6ev")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0080.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601) - CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601) - CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601) - CVE-2013-6462.patch: sscanf overflow (bug 1049684) - sscanf-hardening.patch: Some other sscanf hardening fixes (1049684)
    last seen2020-06-01
    modified2020-06-02
    plugin id79557
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79557
    titleOracleVM 3.3 : libXfont (OVMSA-2014-0080)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2014-0080.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79557);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211");
      script_bugtraq_id(64694, 67382);
    
      script_name(english:"OracleVM 3.3 : libXfont (OVMSA-2014-0080)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - CVE-2014-0209: integer overflow of allocations in font
        metadata file parsing (bug 1163602, bug 1163601)
    
      - CVE-2014-0210: unvalidated length fields when parsing
        xfs protocol replies (bug 1163602, bug 1163601)
    
      - CVE-2014-0211: integer overflows calculating memory
        needs for xfs replies (bug 1163602, bug 1163601)
    
      - CVE-2013-6462.patch: sscanf overflow (bug 1049684)
    
      - sscanf-hardening.patch: Some other sscanf hardening
        fixes (1049684)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000245.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cfbd88e1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libXfont package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:libXfont");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"libXfont-1.4.5-4.el6_6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XORG-X11-DEVEL-140108.NASL
    descriptionThis update fixes a stack-based buffer overflow in xorg-x11 in the function bdfReadCharacters(). CVE-2013-6462 has been assigned to this issue.
    last seen2020-06-05
    modified2014-02-12
    plugin id72456
    published2014-02-12
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72456
    titleSuSE 11.2 / 11.3 Security Update : xorg-x11 (SAT Patch Numbers 8723 / 8724)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72456);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-6462");
    
      script_name(english:"SuSE 11.2 / 11.3 Security Update : xorg-x11 (SAT Patch Numbers 8723 / 8724)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes a stack-based buffer overflow in xorg-x11 in the
    function bdfReadCharacters(). CVE-2013-6462 has been assigned to this
    issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6462.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8723 / 8724 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xorg-x11-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xorg-x11-devel-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xorg-x11-libs-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xorg-x11-devel-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xorg-x11-libs-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xorg-x11-libs-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"xorg-x11-libs-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"xorg-x11-libs-32bit-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"xorg-x11-libs-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"xorg-x11-libs-32bit-7.4-8.26.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xorg-x11-libs-32bit-7.4-8.26.40.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-0443.NASL
    descriptionlibXfont 1.4.7, fixes potential stack overflow (CVE-2013-6462), see http://lists.x.org/archives/xorg/2014-January/056265.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-13
    plugin id71918
    published2014-01-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71918
    titleFedora 20 : libXfont-1.4.7-1.fc20 (2014-0443)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-0443.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71918);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_bugtraq_id(64694);
      script_xref(name:"FEDORA", value:"2014-0443");
    
      script_name(english:"Fedora 20 : libXfont-1.4.7-1.fc20 (2014-0443)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "libXfont 1.4.7, fixes potential stack overflow (CVE-2013-6462), see
    http://lists.x.org/archives/xorg/2014-January/056265.html
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://lists.x.org/archives/xorg/2014-January/056265.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.x.org/archives/xorg/2014-January/056265.html"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/126280.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e80eac47"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libXfont package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libXfont");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"libXfont-1.4.7-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201402-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201402-23 (libXfont: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. Impact : A local attacker could use a specially crafted file to gain privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72637
    published2014-02-23
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72637
    titleGLSA-201402-23 : libXfont: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201402-23.
    #
    # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72637);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      script_cve_id("CVE-2011-2895", "CVE-2013-6462");
      script_bugtraq_id(49124, 64694);
      script_xref(name:"GLSA", value:"201402-23");
    
      script_name(english:"GLSA-201402-23 : libXfont: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201402-23
    (libXfont: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in libXfont. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A local attacker could use a specially crafted file to gain privileges
          or cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201402-23"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All libXfont users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=x11-libs/libXfont-1.4.7 '"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libXfont");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"x11-libs/libXfont", unaffected:make_list("ge 1.4.7 "), vulnerable:make_list("lt 1.4.7 "))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3948.NASL
    descriptionUpdate to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs
    last seen2020-06-05
    modified2015-03-27
    plugin id82278
    published2015-03-27
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82278
    titleFedora 21 : nx-libs-3.5.0.29-1.fc21 (2015-3948)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2015-3948.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82278);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_xref(name:"FEDORA", value:"2015-3948");
    
      script_name(english:"Fedora 21 : nx-libs-3.5.0.29-1.fc21 (2015-3948)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 3.5.0.29 :
    
      - further reduction of code size by Mike Gabriel
    
        - ~/.x2go/config/keystrokes.cfg,
          /etc/x2go/keystrokes.cfg and
          /etc/nxagent/keystrokes.cfg are now respected thanks
          to Horst Schirmeier
    
      - security fixes for CVE-2011-2895, CVE-2011-4028,
        CVE-2013-4396, CVE-2013-6462, CVE-2014-0209,
        CVE-2014-0210, CVE-2014-0211, CVE-2014-8092,
        CVE-2014-8097, CVE-2014-8095, CVE-2014-8096,
        CVE-2014-8099, CVE-2014-8100, CVE-2014-8102,
        CVE-2014-8101, CVE-2014-8093, CVE-2014-8098,
        CVE-2015-0255 by Michael DePaulo
    
      - other (build) bug fixes
    
    Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt
    applications when Xfixes extension is enabled in NX. Thanks to Ulrich
    Sibiller! o Adapt X11 launchd socket path for recent Mac OS X
    versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on
    systems that had dpkg-dev installed) and all RPM based distros. o
    Partly make nxcomp aware of nx-libs's four-digit version string.
    Thanks to Nito Martinez from TheQVD project!
    
      - Fix unowned directories
    
        - Minor cleanup
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/153106.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?39a7deb6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nx-libs package."
      );
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nx-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC21", reference:"nx-libs-3.5.0.29-1.fc21")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nx-libs");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-45.NASL
    description- U_CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.p atch - unlimited sscanf overflows stack buffer in bdfReadCharacters() (CVE-2013-6462, bnc#854915)
    last seen2020-06-05
    modified2014-06-13
    plugin id75391
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75391
    titleopenSUSE Security Update : libXfont (openSUSE-SU-2014:0073-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-45.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75391);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-6462");
      script_bugtraq_id(64694);
    
      script_name(english:"openSUSE Security Update : libXfont (openSUSE-SU-2014:0073-1)");
      script_summary(english:"Check for the openSUSE-2014-45 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "-
        U_CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.p
        atch 
    
      - unlimited sscanf overflows stack buffer in
        bdfReadCharacters() (CVE-2013-6462, bnc#854915)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-01/msg00050.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libXfont packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libXfont1-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2|SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3 / 13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.2", reference:"libXfont-debugsource-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libXfont-devel-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libXfont1-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", reference:"libXfont1-debuginfo-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libXfont1-32bit-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.2", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.5-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont-debugsource-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont-devel-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont1-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libXfont1-debuginfo-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont1-32bit-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.5-4.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont-debugsource-1.4.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont-devel-1.4.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont1-1.4.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libXfont1-debuginfo-1.4.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont-devel-32bit-1.4.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont1-32bit-1.4.6-2.4.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libXfont1-debuginfo-32bit-1.4.6-2.4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXfont-debugsource / libXfont-devel / libXfont-devel-32bit / etc");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-013-01.NASL
    descriptionNew libXfont packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id71929
    published2014-01-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71929
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libXfont (SSA:2014-013-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2014-013-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71929);
      script_version("1.4");
      script_cvs_date("Date: 2019/01/02 16:37:56");
    
      script_cve_id("CVE-2013-6462");
      script_bugtraq_id(64694);
      script_xref(name:"SSA", value:"2014-013-01");
    
      script_name(english:"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : libXfont (SSA:2014-013-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New libXfont packages are available for Slackware 13.0, 13.1, 13.37,
    14.0, 14.1, and -current to fix a security issue."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.509140
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?880573d9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libXfont package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libXfont");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"13.0", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;
    
    if (slackware_check(osver:"13.1", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++;
    if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++;
    
    if (slackware_check(osver:"13.37", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
    if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;
    
    if (slackware_check(osver:"14.0", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libXfont", pkgver:"1.4.7", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-3953.NASL
    descriptionUpdate to 3.5.0.29 : - further reduction of code size by Mike Gabriel - ~/.x2go/config/keystrokes.cfg, /etc/x2go/keystrokes.cfg and /etc/nxagent/keystrokes.cfg are now respected thanks to Horst Schirmeier - security fixes for CVE-2011-2895, CVE-2011-4028, CVE-2013-4396, CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211, CVE-2014-8092, CVE-2014-8097, CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100, CVE-2014-8102, CVE-2014-8101, CVE-2014-8093, CVE-2014-8098, CVE-2015-0255 by Michael DePaulo - other (build) bug fixes Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs
    last seen2020-06-05
    modified2015-03-23
    plugin id81988
    published2015-03-23
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81988
    titleFedora 22 : nx-libs-3.5.0.29-1.fc22 (2015-3953)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-0467.NASL
    descriptionFix CVE-2013-6462, potential stack overflow, see http://lists.x.org/archives/xorg/2014-January/056265.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-29
    plugin id72189
    published2014-01-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72189
    titleFedora 19 : libXfont-1.4.5-5.fc19 (2014-0467)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2838.NASL
    descriptionIt was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.
    last seen2020-03-17
    modified2014-01-08
    plugin id71850
    published2014-01-08
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71850
    titleDebian DSA-2838-1 : libxfont - buffer overflow
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2078-1.NASL
    descriptionIt was discovered that libXfont incorrectly handled certain malformed BDF fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-01-08
    plugin id71855
    published2014-01-08
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71855
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : libxfont vulnerability (USN-2078-1)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_XORG_20140326.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Stack-based buffer overflow in the bdfReadCharacters function in bitmap/ bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file. (CVE-2013-6462)
    last seen2020-06-01
    modified2020-06-02
    plugin id80820
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80820
    titleOracle Solaris Third-Party Patch Update : xorg (cve_2013_6462_buffer_errors)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-013.NASL
    descriptionA vulnerability has been discovered and corrected in libxfont : Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file (CVE-2013-6462). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id72081
    published2014-01-22
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72081
    titleMandriva Linux Security Advisory : libxfont (MDVSA-2014:013)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140110_LIBXFONT_ON_SL5_X.NASL
    descriptionA stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462) All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-03-18
    modified2014-01-12
    plugin id71910
    published2014-01-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71910
    titleScientific Linux Security Update : libXfont on SL5.x, SL6.x i386/x86_64 (20140110)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0018.NASL
    descriptionUpdated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libXfont packages provide the X.Org libXfont runtime library. X.Org is an open source implementation of the X Window System. A stack-based buffer overflow flaw was found in the way the libXfont library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could exploit this issue to potentially execute arbitrary code with the privileges of the X.Org server. (CVE-2013-6462) Users of libXfont should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running X.Org server instances must be restarted for the update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id71901
    published2014-01-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71901
    titleCentOS 5 / 6 : libXfont (CESA-2014:0018)
  • NASL familyMisc.
    NASL idORACLE_SECURE_GLOBAL_DESKTOP_APR_2014_CPU.NASL
    descriptionThe remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by the following vulnerabilities : - A buffer overflow flaw exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id73596
    published2014-04-17
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73596
    titleOracle Secure Global Desktop Multiple Vulnerabilities (April 2014 CPU)

Redhat

advisories
bugzilla
id1048044
titleCVE-2013-6462 libXfont: stack-based buffer overflow flaw when parsing Glyph Bitmap Distribution Format (BDF) fonts
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentlibXfont is earlier than 0:1.2.2-1.0.5.el5_10
          ovaloval:com.redhat.rhsa:tst:20140018001
        • commentlibXfont is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070132002
      • AND
        • commentlibXfont-devel is earlier than 0:1.2.2-1.0.5.el5_10
          ovaloval:com.redhat.rhsa:tst:20140018003
        • commentlibXfont-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070132004
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentlibXfont is earlier than 0:1.4.5-3.el6_5
          ovaloval:com.redhat.rhsa:tst:20140018006
        • commentlibXfont is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111154007
      • AND
        • commentlibXfont-devel is earlier than 0:1.4.5-3.el6_5
          ovaloval:com.redhat.rhsa:tst:20140018008
        • commentlibXfont-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20111154009
rhsa
idRHSA-2014:0018
released2014-01-10
severityImportant
titleRHSA-2014:0018: libXfont security update (Important)
rpms
  • libXfont-0:1.2.2-1.0.5.el5_10
  • libXfont-0:1.4.5-3.el6_5
  • libXfont-debuginfo-0:1.2.2-1.0.5.el5_10
  • libXfont-debuginfo-0:1.4.5-3.el6_5
  • libXfont-devel-0:1.2.2-1.0.5.el5_10
  • libXfont-devel-0:1.4.5-3.el6_5

The Hacker News

idTHN:7C8341277DF73F1C81CB710E806AEDF2
last seen2018-01-27
modified2014-01-09
published2014-01-09
reporterSudhir K Bansal
sourcehttps://thehackernews.com/2014/01/23-year-old-stack-overflow.html
title23-year-old Stack overflow vulnerability discovered in X11 Server