Summary
Detail | | | |
---|---|---|---|
Vendor | Rpath | First view | 2007-01-26 |
Product | Rpath Linux | Last view | 2008-02-28 |
Version | | Type | Os |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
COMMON PLATFORM ENUMERATION: Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:o:rpath:rpath_linux:1:*:*:*:*:*:*:* | 3 |
cpe:2.3:o:rpath:rpath_linux:*:*:*:*:*:*:*:* | 1 |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.2 | 2008-02-28 | CVE-2008-1078 | expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1. |
4.9 | 2007-10-28 | CVE-2007-5686 | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. |
8.5 | 2007-04-05 | CVE-2007-1351 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
7.2 | 2007-01-26 | CVE-2007-0536 | The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
33% (1) | CWE-189 | Numeric Errors |
33% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:8204 | DSA-1454 freetype -- integer overflow |
oval:org.mitre.oval:def:20063 | DSA-1454-1 freetype - arbitrary code execution |
oval:org.mitre.oval:def:1810 | Multiple vulnerabilities in libfreetype, Xsun(1) and Xorg(1) |
oval:org.mitre.oval:def:11266 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org ... |
oval:org.mitre.oval:def:21782 | ELSA-2007:0150: freetype security update (Moderate) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
43039 | Multiple Linux am-utils / net-fs expn expn[PID] Symlink Arbitrary File Overwrite |
40746 | rPath initscripts /var/log/btmp Local Information Disclosure |
34918 | X.Org X11 libXfont bdfReadCharacters Function BDF Font Handling Overflow |
34917 | FreeType bdfReadCharacters Function BDF Font Handling Overflow |
32972 | rMake chroot Helper Package Installation Permission Weakness |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-10-10 | Name : SLES9: Security update for some XFree86 modules File : nvt/sles9p5021116.nasl |
2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5013340.nasl |
2009-04-09 | Name : Mandriva Update for xorg-x11 MDKSA-2007:079 (xorg-x11) File : nvt/gb_mandriva_MDKSA_2007_079.nasl |
2009-04-09 | Name : Mandriva Update for xorg-x11 MDKSA-2007:079-1 (xorg-x11) File : nvt/gb_mandriva_MDKSA_2007_079_1.nasl |
2009-04-09 | Name : Mandriva Update for tightvnc MDKSA-2007:080 (tightvnc) File : nvt/gb_mandriva_MDKSA_2007_080.nasl |
2009-04-09 | Name : Mandriva Update for tightvnc MDKSA-2007:080-1 (tightvnc) File : nvt/gb_mandriva_MDKSA_2007_080_1.nasl |
2009-04-09 | Name : Mandriva Update for freetype2 MDKSA-2007:081 (freetype2) File : nvt/gb_mandriva_MDKSA_2007_081.nasl |
2009-04-09 | Name : Mandriva Update for freetype2 MDKSA-2007:081-1 (freetype2) File : nvt/gb_mandriva_MDKSA_2007_081_1.nasl |
2009-03-23 | Name : Ubuntu Update for freetype, libxfont, xorg, xorg-server vulnerabilities USN-... File : nvt/gb_ubuntu_USN_448_1.nasl |
2009-01-28 | Name : SuSE Update for XFree86, Xorg SUSE-SA:2007:027 File : nvt/gb_suse_2007_027.nasl |
2009-01-07 | Name : Fedora Core 9 FEDORA-2008-10755 (am-utils) File : nvt/fcore_2008_10755.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-02 (freetype) File : nvt/glsa_200705_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-10 (tightvnc, libxfont) File : nvt/glsa_200705_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-09 (am-utils) File : nvt/glsa_200804_09.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1454-1 (freetype) File : nvt/deb_1454_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-109-01 freetype File : nvt/esoft_slk_ssa_2007_109_01.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0150.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0132.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0126.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-0125.nasl - Type: ACT_GATHER_INFO |
2009-02-13 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2009-001.nasl - Type: ACT_GATHER_INFO |
2009-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2008-10755.nasl - Type: ACT_GATHER_INFO |
2008-04-17 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200804-09.nasl - Type: ACT_GATHER_INFO |
2008-01-08 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1454.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_freetype2-3067.nasl - Type: ACT_GATHER_INFO |
2007-12-13 | Name: The remote SuSE 10 host is missing a security-related patch. File: suse_xorg-x11-server-3083.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-448-1.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_xorg-x11-server-3082.nasl - Type: ACT_GATHER_INFO |
2007-10-17 | Name: The remote openSUSE host is missing a security update. File: suse_freetype2-3066.nasl - Type: ACT_GATHER_INFO |
2007-05-25 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0132.nasl - Type: ACT_GATHER_INFO |
2007-05-20 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1294.nasl - Type: ACT_GATHER_INFO |
2007-05-10 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200705-10.nasl - Type: ACT_GATHER_INFO |
2007-05-02 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-200705-02.nasl - Type: ACT_GATHER_INFO |
2007-04-30 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2007-109-01.nasl - Type: ACT_GATHER_INFO |
2007-04-19 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2007-0150.nasl - Type: ACT_GATHER_INFO |
2007-04-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0150.nasl - Type: ACT_GATHER_INFO |
2007-04-10 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2007-0126.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-081.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0126.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2007-0125.nasl - Type: ACT_GATHER_INFO |
2007-04-05 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2007-080.nasl - Type: ACT_GATHER_INFO |