Executive Summary
Summary | |
---|---|
Title | X.org server vulnerability |
Informations | |||
---|---|---|---|
Name | USN-280-1 | First vendor Publication | 2006-05-04 |
Vendor | Ubuntu | Last vendor Modification | 2006-05-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: xserver-xorg xserver-xorg-core The problem can be corrected by upgrading the affected package to version 6.8.2-10.2 (for Ubuntu 5.04) or 6.8.2-77.1 (for Ubuntu 5.10). After a standard system upgrade you need to restart X.org by restarting your session to effect the necessary changes. Details follow: The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges. |
Original Source
Url : http://www.ubuntu.com/usn/USN-280-1 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9929 | |||
Oval ID: | oval:org.mitre.oval:def:9929 | ||
Title: | Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. | ||
Description: | Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-1526 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2009-02-27 | Name : Fedora Update for xorg-x11-server FEDORA-2007-036 File : nvt/gb_fedora_2007_036_xorg-x11-server_fc5.nasl |
2009-02-27 | Name : Fedora Update for xorg-x11-server FEDORA-2007-424 File : nvt/gb_fedora_2007_424_xorg-x11-server_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-02 (X.Org) File : nvt/glsa_200605_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-123-01 xorg server overflow File : nvt/esoft_slk_ssa_2006_123_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
25191 | X.Org / X11 Render Extension Authenticated Remote Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-04-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-424.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-483.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-484.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-036.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0451.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-123-01.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-081.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0451.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-280-1.nasl - Type : ACT_GATHER_INFO |
2006-05-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-02.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:26 |
|