Executive Summary
Summary | |
---|---|
Title | New XFree86 packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-816 | First vendor Publication | 2005-09-19 |
Vendor | Debian | Last vendor Modification | 2005-09-19 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Søren Sandmann discovered a bug in memory allocation for pixmap images, that can cause a crash of the X server or to execute arbitrary code. The update for the old stable distribution (woody) also contains a different correction for multiple vulnerabilities in libXpm (DSA 607, CAN-2004-0914, Bug#309143), since the old fix contained a regression. For the old stable distribution (woody) this problem has been fixed in version 4.1.0-16woody7. For the stable distribution (sarge) this problem has been fixed in version 4.3.0.dfsg.1-14sarge1. For the unstable distribution (sid) this problem has been fixed in version 6.8.2.dfsg.1-7 of X.Org. We recommend that you upgrade your xfree86 and xorg packages. |
Original Source
Url : http://www.debian.org/security/2005/dsa-816 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1044 | |||
Oval ID: | oval:org.mitre.oval:def:1044 | ||
Title: | Solaris Xsun Privilege Escalation via Pixmaps Vulnerability | ||
Description: | Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2495 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | X |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:998 | |||
Oval ID: | oval:org.mitre.oval:def:998 | ||
Title: | Solaris Xorg Privilege Escalation via Pixmaps Vulnerability | ||
Description: | Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2495 | Version: | 1 |
Platform(s): | Sun Solaris 9 Sun Solaris 10 | Product(s): | X |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for XFree86-Xvnc File : nvt/sles9p5009392.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86-server File : nvt/sles9p5013484.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-28 (X.Org, XFree86) File : nvt/glsa_200411_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-06 (lesstif) File : nvt/glsa_200502_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-07 (openmotif) File : nvt/glsa_200502_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200509-07 (X.Org) File : nvt/glsa_200509_07.nasl |
2008-09-04 | Name : FreeBSD Ports: XFree86-Server File : nvt/freebsd_XFree86-Server0.nasl |
2008-09-04 | Name : FreeBSD Ports: linux_base File : nvt/freebsd_linux_base.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 607-1 (xfree86) File : nvt/deb_607_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-269-02 X.Org pixmap overflow File : nvt/esoft_slk_ssa_2005_269_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19352 | X11/XFree86 Pixmap Allocation Local Overflow |
11991 | X11 libXpm Multiple Unspecified Loops / Leaks DoS |
11990 | X11 libXpm Unspecified Path Traversal |
11989 | X11 libXpm Unspecified Out-of-bounds Memory DoS |
11988 | X11 libXpm Unspecified Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-04-02 | Name : The remote host is missing Sun security patch number 119060-45. File : solaris10_x86_119060_45.nasl - Type : ACT_GATHER_INFO |
2015-04-02 | Name : The remote host is missing Sun security patch number 119059-46. File : solaris10_119059_46.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 118908-06 File : solaris9_x86_118908.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119060-72 File : solaris10_x86_119060.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119059-73 File : solaris10_119059.nasl - Type : ACT_GATHER_INFO |
2006-08-08 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32966.nasl - Type : ACT_GATHER_INFO |
2006-08-08 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32965.nasl - Type : ACT_GATHER_INFO |
2006-08-08 | Name : The remote HP-UX host is missing a security-related patch. File : hpux_PHSS_32960.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-396.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-501.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a863aa7424be11da8882000e0c33c2dc.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-83-2.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-83-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-182-1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-269-02.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-164.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-816.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-894.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-893.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-815.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-501.nasl - Type : ACT_GATHER_INFO |
2005-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-396.nasl - Type : ACT_GATHER_INFO |
2005-09-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200509-07.nasl - Type : ACT_GATHER_INFO |
2005-09-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-329.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_bf2e7483d3fa440d8c6e8f1f2f018818.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-07.nasl - Type : ACT_GATHER_INFO |
2005-02-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200502-06.nasl - Type : ACT_GATHER_INFO |
2005-01-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-004.nasl - Type : ACT_GATHER_INFO |
2004-12-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-612.nasl - Type : ACT_GATHER_INFO |
2004-12-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-610.nasl - Type : ACT_GATHER_INFO |
2004-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-537.nasl - Type : ACT_GATHER_INFO |
2004-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-607.nasl - Type : ACT_GATHER_INFO |
2004-11-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-138.nasl - Type : ACT_GATHER_INFO |
2004-11-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-137.nasl - Type : ACT_GATHER_INFO |
2004-11-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200411-28.nasl - Type : ACT_GATHER_INFO |
2004-11-18 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-434.nasl - Type : ACT_GATHER_INFO |
2004-11-18 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-433.nasl - Type : ACT_GATHER_INFO |
2004-11-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_041.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:22 |
|
2013-05-11 12:19:09 |
|