Executive Summary
Summary | |
---|---|
Title | XFree86 security update |
Information | |||
---|---|---|---|
Name | RHSA-2008:0502 | First vendor Publication | 2008-06-11 |
Vendor | RedHat | Last vendor Modification | 2008-06-11 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
Problem Description:

1. Summary:

Updated XFree86 packages that fix several security issues are now available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Description:

XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop.

An input validation flaw was discovered in X.org's Security and Record extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or, potentially, execute arbitrary code with root privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)

An input validation flaw was discovered in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory. This could result in the sensitive data of other users of the X.org server being disclosed. (CVE-2008-1379)

Users of XFree86 are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

445403 - CVE-2008-1377 X.org Record and Security extensions memory corruption
445414 - CVE-2008-1379 X.org MIT-SHM extension arbitrary memory read
448783 - CVE-2008-2360 X.org Render extension AllocateGlyph() heap buffer overflow
448784 - CVE-2008-2361 X.org Render extension ProcRenderCreateCursor() crash
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0502.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17578 | |||
Oval ID: | oval:org.mitre.oval:def:17578 | ||
Title: | USN-616-1 -- xorg-server vulnerabilities | ||
Description: | Multiple flaws were found in the RENDER, RECORD, and Security extensions of X.org which did not correctly validate function arguments. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-616-1 CVE-2008-1377 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 CVE-2008-1379 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | xorg-server |
Definition Id: oval:org.mitre.oval:def:19727 | |||
Oval ID: | oval:org.mitre.oval:def:19727 | ||
Title: | HP-UX Running Xserver, Remote Execution of Arbitrary Code | ||
Description: | The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients functions in the Record extension and the (3) SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with crafted length values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1377 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:19771 | |||
Oval ID: | oval:org.mitre.oval:def:19771 | ||
Title: | HP-UX Running Xserver, Remote Execution of Arbitrary Code | ||
Description: | Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1379 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
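The Red Hat description in the Detail section and the two HP-UX OVAL definitions above describe the same two bug classes from the server's point of view: a swapped-request handler that byte-swaps as many words as the client's own count field says (CVE-2008-1377), and an image size computed from client-supplied width and height that wraps in 32-bit arithmetic and is then trusted to bound a read from a shared memory segment (CVE-2008-1379; the Render glyph allocation in CVE-2008-2360 is the same overflow class). The C program below is an added example written for this page, not code from X.Org, XFree86, Red Hat, HP or the OVAL definitions; the request layout, the `HDR_BYTES` constant and every function name in it are assumptions made for illustration. It puts each unchecked computation beside the check that rejects the crafted input, and reports what the unchecked path would touch rather than performing any out-of-bounds access itself.

```c
/* Added example, not X.Org, Red Hat or OVAL code: two request-validation
 * mistakes behind the flaws listed above, each beside its checked form.
 * 1. A byte-swapping handler (run for opposite-endian clients) trusting a
 *    client-supplied element count over the declared length (CVE-2008-1377 class).
 * 2. A pixmap size from client width/height/bpp in unchecked 32-bit math,
 *    used to bound a shared-memory read (CVE-2008-1379 / CVE-2008-2360 class).
 * Layout and names are assumptions for this example, not the real RECORD or
 * MIT-SHM wire formats.  Build: cc -std=c99 -Wall -o xreq xreq.c */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: byte 0 opcode, byte 1 minor, bytes 2-3 request length in
 * 4-byte units, bytes 4-7 element count, then `count` 32-bit elements. */
#define HDR_BYTES 8u

static uint16_t bswap16(uint16_t v) { return (uint16_t)((v >> 8) | (v << 8)); }
static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}
/* Write a header the way an opposite-endian client would send it. */
static void put_header(uint8_t *req, uint16_t length_words, uint32_t count)
{
    uint16_t l = bswap16(length_words);
    uint32_t c = bswap32(count);
    req[0] = 0x80; req[1] = 0x01;                     /* arbitrary opcodes */
    memcpy(req + 2, &l, sizeof l);
    memcpy(req + 4, &c, sizeof c);
}
/* Bytes the unchecked handler swaps in place: header + `count` elements,
 * ignoring how much was received. Beyond req_bytes that is a heap write. */
static size_t unchecked_swap_bytes(const uint8_t *req, size_t req_bytes)
{
    uint32_t count;
    if (req_bytes < HDR_BYTES) return 0;
    memcpy(&count, req + 4, sizeof count);
    return HDR_BYTES + (size_t)bswap32(count) * 4;
}
/* Checked handler: swaps in place and returns the element count, or -1 when
 * the declared length does not cover both the count and the buffer. */
static int swap_elements_checked(uint8_t *req, size_t req_bytes)
{
    uint16_t length_words;
    uint32_t count, i, v;
    size_t length_bytes;
    if (req_bytes < HDR_BYTES) return -1;
    memcpy(&length_words, req + 2, sizeof length_words);
    memcpy(&count, req + 4, sizeof count);
    length_bytes = (size_t)bswap16(length_words) * 4;
    count = bswap32(count);
    if (length_bytes < HDR_BYTES || length_bytes > req_bytes) return -1;
    if (count > (length_bytes - HDR_BYTES) / 4) return -1;
    for (i = 0; i < count; i++) {
        memcpy(&v, req + HDR_BYTES + 4 * i, sizeof v);
        v = bswap32(v);
        memcpy(req + HDR_BYTES + 4 * i, &v, sizeof v);
    }
    return (int)count;
}

/* 32-bit size arithmetic as a 2008-era server did it: 65536 x 65536 x 4
 * wraps to 0 and then passes any "does it fit in the segment?" check. */
static uint32_t pixmap_bytes_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}
/* Checked form: reject zero dimensions and any product that does not fit. */
static int pixmap_bytes_checked(uint32_t w, uint32_t h, uint32_t bpp, uint32_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || w > UINT32_MAX / h) return -1;
    if (w * h > UINT32_MAX / bpp) return -1;
    *out = w * h * bpp;
    return 0;
}
/* ShmPutImage-style bounds check: the image must lie inside the segment. */
static int shm_image_in_segment(uint32_t seg_bytes, uint32_t offset,
                                uint32_t w, uint32_t h, uint32_t bpp)
{
    uint32_t need;
    if (pixmap_bytes_checked(w, h, bpp, &need) != 0) return 0;
    return offset <= seg_bytes && need <= seg_bytes - offset;
}

int main(void)
{
    uint8_t req[16] = {0};
    uint32_t n;
    put_header(req, 4, 1000);   /* declared 16 bytes, but count says 1000 */
    printf("crafted: unchecked touches %zu of 16 bytes, checked returns %d\n",
           unchecked_swap_bytes(req, 16), swap_elements_checked(req, 16));
    printf("65536x65536x4: unchecked %u bytes, checked %s\n",
           pixmap_bytes_unchecked(65536, 65536, 4),
           pixmap_bytes_checked(65536, 65536, 4, &n) ? "rejected" : "ok");
    return 0;
}
```

Both checks sit on the X server side: the attacker in every entry on this page is a client that has already passed X authorization, which is why Red Hat rates the outcome as root-privilege code execution or memory disclosure from an authenticated client (the `Au:S` in the CVSS v2 vector) rather than a remote pre-auth flaw. A backported fix of this shape changes no protocol, so the only practical way to confirm it on a RHEL 3 host is the package level: the fixed XFree86 packages listed in the erratum, not the observable behaviour of the server.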
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for X.org File : nvt/sles10_xorg-x11-Xnest.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86 File : nvt/sles9p5027942.nasl |
2009-05-05 | Name : HP-UX Update for Xserver HPSBUX02381 File : nvt/gb_hp_ux_HPSBUX02381.nasl |
2009-04-09 | Name : Mandriva Update for metisse MDVSA-2008:179 (metisse) File : nvt/gb_mandriva_MDVSA_2008_179.nasl |
2009-04-09 | Name : Mandriva Update for x11-server MDVSA-2008:116 (x11-server) File : nvt/gb_mandriva_MDVSA_2008_116.nasl |
2009-03-23 | Name : Ubuntu Update for xorg-server vulnerabilities USN-616-1 File : nvt/gb_ubuntu_USN_616_1.nasl |
2009-03-06 | Name : RedHat Update for XFree86 RHSA-2008:0502-01 File : nvt/gb_RHSA-2008_0502-01_XFree86.nasl |
2009-03-06 | Name : RedHat Update for xorg-x11 RHSA-2008:0503-01 File : nvt/gb_RHSA-2008_0503-01_xorg-x11.nasl |
2009-03-06 | Name : RedHat Update for xorg-x11-server RHSA-2008:0504-01 File : nvt/gb_RHSA-2008_0504-01_xorg-x11-server.nasl |
2009-03-06 | Name : RedHat Update for XFree86 RHSA-2008:0512-01 File : nvt/gb_RHSA-2008_0512-01_XFree86.nasl |
2009-02-27 | Name : CentOS Update for XFree86 CESA-2008:0512-01 centos2 i386 File : nvt/gb_CESA-2008_0512-01_XFree86_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0503 centos4 x86_64 File : nvt/gb_CESA-2008_0503_xorg-x11_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for xorg-x11 CESA-2008:0503 centos4 i386 File : nvt/gb_CESA-2008_0503_xorg-x11_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 x86_64 File : nvt/gb_CESA-2008_0502_XFree86-100dpi-fonts_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for XFree86-100dpi-fonts CESA-2008:0502 centos3 i386 File : nvt/gb_CESA-2008_0502_XFree86-100dpi-fonts_centos3_i386.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-5279 File : nvt/gb_fedora_2008_5279_xorg-x11-server_fc8.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-5285 File : nvt/gb_fedora_2008_5285_xorg-x11-server_fc7.nasl |
2009-02-17 | Name : Fedora Update for xorg-x11-server FEDORA-2008-5254 File : nvt/gb_fedora_2008_5254_xorg-x11-server_fc9.nasl |
2009-01-23 | Name : SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027 File : nvt/gb_suse_2008_027.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-07 (xorg-server) File : nvt/glsa_200806_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-07 (nx, nxnode) File : nvt/glsa_200807_07.nasl |
2008-09-04 | Name : FreeBSD Ports: xorg-server File : nvt/freebsd_xorg-server1.nasl |
2008-06-28 | Name : Debian Security Advisory DSA 1595-1 (xorg-server) File : nvt/deb_1595_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-183-01 xorg-server File : nvt/esoft_slk_ssa_2008_183_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46190 | X.Org X11 X Server Render Extension ProcRenderCreateCursor() Function Overflow |
46189 | X.Org X11 X Server Render Extension AllocateGlyph() Function Local Overflow |
46188 | X.Org X11 X Server MIT-SHM Extension fbShmPutImage() Function Arbitrary Memor... |
46187 | X.Org X11 X Server Record and Security Extensions Multiple Function Memory Co... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0504.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0503.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0502.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_XFree86_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080611_xorg_x11_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0504.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12170.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xorg-x11-Xvnc-080616.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_xgl-080815.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-179.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-116.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_37972.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_38840.nasl - Type : ACT_GATHER_INFO |
2008-11-11 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_34392.nasl - Type : ACT_GATHER_INFO |
2008-09-28 | Name : The remote openSUSE host is missing a security update. File : suse_xgl-5526.nasl - Type : ACT_GATHER_INFO |
2008-09-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xgl-5528.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-183-01.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0503.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-07.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-616-1.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_800e8bd53acb11dd8842001302a18722.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5285.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5279.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5254.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1595.nasl - Type : ACT_GATHER_INFO |
2008-06-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0502.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0512.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0504.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0503.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0502.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xorg-x11-Xnest-5321.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-Xvnc-5317.nasl - Type : ACT_GATHER_INFO |
2008-06-12 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-server-5316.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:51:41 |