Executive Summary
Summary | |
---|---|
Title | NX: User-assisted execution of arbitrary code |
Informations | |||
---|---|---|---|
Name | GLSA-200807-07 | First vendor Publication | 2008-07-09 |
Vendor | Gentoo | Last vendor Modification | 2008-07-09 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis NX uses code from the X.org X11 server which is prone to multiple vulnerabilities. Background Description Impact Workaround Resolution All NX users should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-200807-07.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-200807-07.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11246 | |||
Oval ID: | oval:org.mitre.oval:def:11246 | ||
Title: | Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. | ||
Description: | Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2362 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17578 | |||
Oval ID: | oval:org.mitre.oval:def:17578 | ||
Title: | USN-616-1 -- xorg-server vulnerabilities | ||
Description: | Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-616-1 CVE-2008-1377 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 CVE-2008-1379 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | xorg-server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19727 | |||
Oval ID: | oval:org.mitre.oval:def:19727 | ||
Title: | HP-UX Running Xserver, Remote Execution of Arbitrary Code | ||
Description: | The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1377 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19771 | |||
Oval ID: | oval:org.mitre.oval:def:19771 | ||
Title: | HP-UX Running Xserver, Remote Execution of Arbitrary Code | ||
Description: | Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1379 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20128 | |||
Oval ID: | oval:org.mitre.oval:def:20128 | ||
Title: | DSA-1595-1 xorg-server - several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in the X Window system. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1595-1 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xorg-server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21810 | |||
Oval ID: | oval:org.mitre.oval:def:21810 | ||
Title: | ELSA-2008:0504: xorg-x11-server security update (Important) | ||
Description: | Multiple integer overflows in the Render extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via a (1) SProcRenderCreateLinearGradient, (2) SProcRenderCreateRadialGradient, or (3) SProcRenderCreateConicalGradient request with an invalid field specifying the number of bytes to swap in the request data, which triggers heap memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0504-01 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | xorg-x11-server |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8313 | |||
Oval ID: | oval:org.mitre.oval:def:8313 | ||
Title: | DSA-1595 xorg-server -- several vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems: Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. Integer overflows can also occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1595 CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xorg-server |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for X.org File : nvt/sles10_xorg-x11-Xnest.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86 File : nvt/sles9p5027942.nasl |
2009-05-05 | Name : HP-UX Update for Xserver HPSBUX02381 File : nvt/gb_hp_ux_HPSBUX02381.nasl |
2009-04-09 | Name : Mandriva Update for metisse MDVSA-2008:179 (metisse) File : nvt/gb_mandriva_MDVSA_2008_179.nasl |
2009-04-09 | Name : Mandriva Update for x11-server MDVSA-2008:116 (x11-server) File : nvt/gb_mandriva_MDVSA_2008_116.nasl |
2009-03-23 | Name : Ubuntu Update for xorg-server vulnerabilities USN-616-1 File : nvt/gb_ubuntu_USN_616_1.nasl |
2009-03-06 | Name : RedHat Update for XFree86 RHSA-2008:0502-01 File : nvt/gb_RHSA-2008_0502-01_XFree86.nasl |
2009-03-06 | Name : RedHat Update for xorg-x11 RHSA-2008:0503-01 File : nvt/gb_RHSA-2008_0503-01_xorg-x11.nasl |
2009-03-06 | Name : RedHat Update for xorg-x11-server RHSA-2008:0504-01 File : nvt/gb_RHSA-2008_0504-01_xorg-x11-server.nasl |
2009-03-06 | Name : RedHat Update for XFree86 RHSA-2008:0512-01 File : nvt/gb_RHSA-2008_0512-01_XFree86.nasl |
2009-02-27 | Name : CentOS Update for XFree86 CESA-2008:0512-01 centos2 i386 File : nvt/gb_CESA-2008_0512-01_XFree86_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64 File : nvt/gb_CESA-2008_0503_xorg-x11_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386 File : nvt/gb_CESA-2008_0503_xorg-x11_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64 File : nvt/gb_CESA-2008_0502_XFree86-100dpi-fonts_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386 File : nvt/gb_CESA-2008_0502_XFree86-100dpi-fonts_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-5279 File : nvt/gb_fedora_2008_5279_xorg-x11-server_fc8.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-5285 File : nvt/gb_fedora_2008_5285_xorg-x11-server_fc7.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-5254 File : nvt/gb_fedora_2008_5254_xorg-x11-server_fc9.nasl |
2009-01-23 | Name : SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027 File : nvt/gb_suse_2008_027.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-07 (xorg-server) File : nvt/glsa_200806_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-07 (nx, nxnode) File : nvt/glsa_200807_07.nasl |
2008-09-04 | Name : FreeBSD Ports: xorg-server File : nvt/freebsd_xorg-server1.nasl |
2008-06-28 | Name : Debian Security Advisory DSA 1595-1 (xorg-server) File : nvt/deb_1595_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-183-01 xorg-server File : nvt/esoft_slk_ssa_2008_183_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46191 | X.Org X11 X Server Render Extension Gradient Creation Multiple Function Overf... |
46190 | X.Org X11 X Server Render Extension ProcRenderCreateCursor() Function Overflow |
46189 | X.Org X11 X Server Render Extension AllocateGlyph() Function Local Overflow |
46188 | X.Org X11 X Server MIT-SHM Extension fbShmPutImage() Function Arbitrary Memor... |
46187 | X.Org X11 X Server Record and Security Extensions Multiple Function Memory Co... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0504.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0503.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0502.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_XFree86_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_xorg_x11_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0504.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12170.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xorg-x11-Xvnc-080616.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xgl-080815.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-179.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-116.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34392.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_38840.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37972.nasl - Type : ACT_GATHER_INFO |
2008-09-28 | Name : The remote openSUSE host is missing a security update. File : suse_xgl-5526.nasl - Type : ACT_GATHER_INFO |
2008-09-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xgl-5528.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-07.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-183-01.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0503.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-07.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-616-1.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_800e8bd53acb11dd8842001302a18722.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5285.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5279.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5254.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1595.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0502.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0512.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0504.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0503.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0502.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xorg-x11-Xnest-5321.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-Xvnc-5317.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-server-5316.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:35:57 |
|
2013-05-11 00:44:50 |
|