Executive Summary
Summary | |
---|---|
Title | New XFree86 packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1193 | First vendor Publication | 2006-10-09 |
Vendor | Debian | Last vendor Modification | 2006-10-09 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-3467 Chris Evan discovered an integer overflow in the code to handle PCF fonts, which might lead to denial of service if a malformed font is opened. CVE-2006-3739 It was discovered that an integer overflow in the code to handle Adobe Font Metrics might lead to the execution of arbitrary code. CVE-2006-3740 It was discovered that an integer overflow in the code to handle CMap and CIDFont font data might lead to the execution of arbitrary code. CVE-2006-4447 The XFree86 initialization code performs insufficient checking of the return value of setuid() when dropping privileges, which might lead to local privilege escalation. For the stable distribution (sarge) these problems have been fixed in version 4.3.0.dfsg.1-14sarge2. This release lacks builds for the Motorola 680x0 architecture, which failed due to diskspace constraints on the build host. They will be released once this problem has been resolved. For the unstable distribution (sid) these problems have been fixed in version 1:1.2.2-1 of libxfont and version 1:1.0.2-9 of xorg-server. We recommend that you upgrade your XFree86 packages. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1193 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-30 | Hijacking a Privileged Thread of Execution |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86-server File : nvt/sles9p5011497.nasl |
2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5016401.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200608-25 (xorg-x11,xorg-server,xtrans,xload,xi... File : nvt/glsa_200608_25.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200609-04 (LibXfont) File : nvt/glsa_200609_04.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200609-07 (libxfont) File : nvt/glsa_200609_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200704-22 (BEAST) File : nvt/glsa_200704_22.nasl |
2008-09-04 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1178-1 (freetype) File : nvt/deb_1178_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1193-1 (xfree86) File : nvt/deb_1193_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-259-01 x11 File : nvt/esoft_slk_ssa_2006_259_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34170 | FreeType Font File Parsers Heap Overflow |
34169 | FreeType src/pshinter/pshglob.c:psh_blues_set_zones_0() Function Integer Over... |
28739 | X.Org X11 libXfont CID-keyed Fonts CIDAFM() Function Overflow |
28738 | X.Org X11 libXfont CID-keyed Fonts scan_cidfont() Function Overflow |
28239 | X.Org X11 setuid() Failure Local Privilege Escalation |
27255 | FreeType read_lwfn() Function Integer Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-04-02 | Name : The remote host is missing Sun security patch number 119060-45. File : solaris10_x86_119060_45.nasl - Type : ACT_GATHER_INFO |
2015-04-02 | Name : The remote host is missing Sun security patch number 119059-46. File : solaris10_119059_46.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0665.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-1918.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xorg-x11-server-2062.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-344-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-324-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-341-1.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_NX-4555.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_xorg-x11-server-2056.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_freetype2-1910.nasl - Type : ACT_GATHER_INFO |
2007-04-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200704-22.nasl - Type : ACT_GATHER_INFO |
2007-03-18 | Name : The remote host is missing Sun Security Patch number 124833-02 File : solaris9_x86_124833.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-912.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-160.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-164.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-148.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-129.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119059-73 File : solaris10_119059.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119060-72 File : solaris10_x86_119060.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1193.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1178.nasl - Type : ACT_GATHER_INFO |
2006-10-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_b975763f521011db8f1a000a48049292.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-259-01.nasl - Type : ACT_GATHER_INFO |
2006-09-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200609-07.nasl - Type : ACT_GATHER_INFO |
2006-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0665.nasl - Type : ACT_GATHER_INFO |
2006-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0666.nasl - Type : ACT_GATHER_INFO |
2006-09-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0666.nasl - Type : ACT_GATHER_INFO |
2006-09-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0665.nasl - Type : ACT_GATHER_INFO |
2006-09-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200609-04.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0634.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-25.nasl - Type : ACT_GATHER_INFO |
2006-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0635.nasl - Type : ACT_GATHER_INFO |
2006-08-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0634.nasl - Type : ACT_GATHER_INFO |
2006-08-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0635.nasl - Type : ACT_GATHER_INFO |
2006-07-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0500.nasl - Type : ACT_GATHER_INFO |
2006-07-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0500.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:15 |
|