Executive Summary

Summary
Title: X.Org X server vulnerability
Information
Name: USN-1232-3
First vendor Publication: 2011-10-20
Vendor: Ubuntu
Last vendor Modification: 2011-10-20
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score: 8.5
Cvss Impact Score: 10
Cvss Exploit Score: 6.8
Attack Range: Network
Attack Complexity: Medium
Authentication: Requires single instance

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

The X server could be made to crash or run programs as an administrator.

Software Description:
- xorg-server: X.Org X server

Details:

USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial of service, or possibly execute arbitrary code
with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-4818)

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial of service, or possibly read arbitrary data from
the X server process. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-4819)

Vladz discovered that the X server incorrectly handled lock files. A local
attacker could use this flaw to determine if a file existed or not.
(CVE-2011-4028)

Vladz discovered that the X server incorrectly handled setting lock file
permissions. A local attacker could use this flaw to gain read permissions
on arbitrary files and view sensitive information. (CVE-2011-4029)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10:
xserver-xorg-core 2:1.9.0-0ubuntu7.6

Ubuntu 10.04 LTS:
xserver-xorg-core 2:1.7.6-2ubuntu7.10

After a standard system update you need to restart your session to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1232-3
http://www.ubuntu.com/usn/usn-1232-1
CVE-2010-4818

Package Information:
https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.6
https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.10

Original Source

Url : http://www.ubuntu.com/usn/USN-1232-3

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-20 Improper Input Validation
25 % CWE-362 Race Condition
25 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20337
 
Oval ID: oval:org.mitre.oval:def:20337
Title: USN-1232-2 -- xorg-server regression
Description: USN-1232-1 caused a regression with GLX support.
Family: unix Class: patch
Reference(s): USN-1232-2
CVE-2010-4818
CVE-2010-4819
CVE-2011-4028
CVE-2011-4029
Version: 5
Platform(s): Ubuntu 10.04
Product(s): xorg-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20825
 
Oval ID: oval:org.mitre.oval:def:20825
Title: USN-1232-1 -- xorg-server vulnerabilities
Description: The X server could be made to crash, run programs as an administrator, or read arbitrary files.
Family: unix Class: patch
Reference(s): USN-1232-1
CVE-2010-4818
CVE-2010-4819
CVE-2011-4028
CVE-2011-4029
Version: 5
Platform(s): Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.10
Ubuntu 10.04
Product(s): xorg-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20916
 
Oval ID: oval:org.mitre.oval:def:20916
Title: Memory leak vulnerability in AIX X-server
Description: The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Family: unix Class: vulnerability
Reference(s): CVE-2010-4819
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21169
 
Oval ID: oval:org.mitre.oval:def:21169
Title: RHSA-2012:0939: xorg-x11-server security and bug fix update (Low)
Description: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
Family: unix Class: patch
Reference(s): RHSA-2012:0939-04
CESA-2012:0939
CVE-2011-4028
CVE-2011-4029
Version: 29
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21211
 
Oval ID: oval:org.mitre.oval:def:21211
Title: USN-1232-3 -- xorg-server vulnerability
Description: The X server could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-1232-3
CVE-2010-4818
CVE-2010-4819
CVE-2011-4028
CVE-2011-4029
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): xorg-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21941
 
Oval ID: oval:org.mitre.oval:def:21941
Title: RHSA-2011:1359: xorg-x11-server security update (Moderate)
Description: The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Family: unix Class: patch
Reference(s): RHSA-2011:1359-01
CESA-2011:1359
CVE-2010-4818
CVE-2010-4819
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23107
 
Oval ID: oval:org.mitre.oval:def:23107
Title: DEPRECATED: ELSA-2011:1359: xorg-x11-server security update (Moderate)
Description: The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Family: unix Class: patch
Reference(s): ELSA-2011:1359-01
CVE-2010-4818
CVE-2010-4819
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23763
 
Oval ID: oval:org.mitre.oval:def:23763
Title: ELSA-2011:1359: xorg-x11-server security update (Moderate)
Description: The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Family: unix Class: patch
Reference(s): ELSA-2011:1359-01
CVE-2010-4818
CVE-2010-4819
Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23899
 
Oval ID: oval:org.mitre.oval:def:23899
Title: ELSA-2012:0939: xorg-x11-server security and bug fix update (Low)
Description: The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
Family: unix Class: patch
Reference(s): ELSA-2012:0939-04
CVE-2011-4028
CVE-2011-4029
Version: 13
Platform(s): Oracle Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26909
 
Oval ID: oval:org.mitre.oval:def:26909
Title: DEPRECATED: ELSA-2012-0939 -- xorg-x11-server security and bug fix update (low)
Description: [1.10.6-1] - xserver 1.10.6 - Use git-style patch names - compsize.h, glxcmds.h: Copy from upstream git since they fell out of the upstream tarball [1.10.4-15] - Undo regression introduced in Patch8007 (#732467) [1.10.4-14] - xserver-1.10.4-sync-revert.patch: Revert an edge-case change in IDLETIME that appears to be more wrong than right. (#748704) [1.10.4-13] - xserver-1.10.4-randr-corner-case.patch: Fix a corner case in initial mode selection. (#657580) - xserver-1.10.4-vbe-no-cache-ddc-support.patch: Only interpret complete non-support for DDC extension as 'DDC unavailable'. (#657580) [1.10.4-11] - xserver-1.10.4-dix-when-rescaling-from-master-rescale-from-desktop-.patch: fix rescaling from master to slave if the pointer (#732467) [1.10.4-10] - Add patches to change the screen crossing behaviour for multiple ScreenRecs (#732467) - remove the xorg.conf.man page from our .gitignore - we need to patch it now and its part of the upstream distribution [1.10.4-9] - xserver-1.10.4-no-24bpp-xaa-composite.patch: Disable Composite at 24bpp in XAA (#651934) [1.10.4-8] - xserver-1.10.4-fb-picture-crash.patch: Fix crash on invalid pictures (#722680) [1.10.4-7] - fix xephyr rendering when using two screens (#757792)
Family: unix Class: patch
Reference(s): ELSA-2012-0939
CVE-2011-4028
CVE-2011-4029
Version: 4
Platform(s): Oracle Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26975
 
Oval ID: oval:org.mitre.oval:def:26975
Title: RHSA-2012:0303 -- xorg-x11-server security and bug fix update (Low)
Description: X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) Red Hat would like to thank the researcher with the nickname vladz for reporting this issue. This update also fixes the following bugs: * In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario. (BZ#596899) * Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270) * On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717) * On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964) * Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. 
(BZ#674741) * Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409) * Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000) * When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly. This bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346) * When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario. Note that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497) * Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the "int" type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810) All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2012:0303
CVE-2011-4028
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27510
 
Oval ID: oval:org.mitre.oval:def:27510
Title: DEPRECATED: ELSA-2011-1359 -- xorg-x11-server security update (moderate)
Description: [1.7.7-29.2] - cve-2011-4818.patch: Multiple input sanitization flaws in GLX and Render
Family: unix Class: patch
Reference(s): ELSA-2011-1359
CVE-2010-4818
CVE-2010-4819
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): xorg-x11-server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27652
 
Oval ID: oval:org.mitre.oval:def:27652
Title: ELSA-2012-0303 -- xorg-x11-server security and bug fix update (low)
Description: [1.1.1-48.90.0.1.el5] - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file [1.1.1-48.90] - cve-2011-4028.patch: File existence disclosure vulnerability.
Family: unix Class: patch
Reference(s): ELSA-2012-0303
CVE-2011-4028
Version: 3
Platform(s): Oracle Linux 5
Product(s): xorg-x11-server
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 4
Application 3
Application 1

ExploitDB Exploits

id Description
2011-10-28 Xorg 1.4 to 1.11.2 File Permission Change PoC

OpenVAS Exploits

Date Description
2012-08-02 Name : SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)
File : nvt/gb_suse_2012_0227_1.nasl
2012-07-30 Name : CentOS Update for xorg-x11-server-sdk CESA-2011:1359 centos5 x86_64
File : nvt/gb_CESA-2011_1359_xorg-x11-server-sdk_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for xorg-x11 CESA-2011:1360 centos4 x86_64
File : nvt/gb_CESA-2011_1360_xorg-x11_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for xorg-x11-server-common CESA-2012:0939 centos6
File : nvt/gb_CESA-2012_0939_xorg-x11-server-common_centos6.nasl
2012-06-22 Name : RedHat Update for xorg-x11-server RHSA-2012:0939-04
File : nvt/gb_RHSA-2012_0939-04_xorg-x11-server.nasl
2012-02-21 Name : RedHat Update for xorg-x11-server RHSA-2012:0303-03
File : nvt/gb_RHSA-2012_0303-03_xorg-x11-server.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-19 (xorg-server)
File : nvt/glsa_201110_19.nasl
2011-11-11 Name : CentOS Update for xorg-x11 CESA-2011:1360 centos4 i386
File : nvt/gb_CESA-2011_1360_xorg-x11_centos4_i386.nasl
2011-10-21 Name : Ubuntu Update for xorg-server USN-1232-1
File : nvt/gb_ubuntu_USN_1232_1.nasl
2011-10-21 Name : Ubuntu Update for xorg-server USN-1232-2
File : nvt/gb_ubuntu_USN_1232_2.nasl
2011-10-21 Name : Ubuntu Update for xorg-server USN-1232-3
File : nvt/gb_ubuntu_USN_1232_3.nasl
2011-10-10 Name : CentOS Update for xorg-x11-server-sdk CESA-2011:1359 centos5 i386
File : nvt/gb_CESA-2011_1359_xorg-x11-server-sdk_centos5_i386.nasl
2011-10-10 Name : RedHat Update for xorg-x11-server RHSA-2011:1359-01
File : nvt/gb_RHSA-2011_1359-01_xorg-x11-server.nasl
2011-10-10 Name : RedHat Update for xorg-x11 RHSA-2011:1360-01
File : nvt/gb_RHSA-2011_1360-01_xorg-x11.nasl
0000-00-00 Name : FreeBSD Ports: xorg-server
File : nvt/freebsd_xorg-server2.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77300 X.Org X Server ProcRenderAddGlyphs() Local Memory Disclosure

77299 X.Org X Server GLX Call Parsing Remote Code Execution

76669 X.Org xserver os/utils.c LockServer() Function Race Condition Symlink Arbitra...

76668 X.Org xserver os/utils.c LockServer() Function File Locking Symlink File Enum...

Nessus® Vulnerability Scanner

Date Description
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3964.nasl - Type : ACT_GATHER_INFO
2015-03-27 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3948.nasl - Type : ACT_GATHER_INFO
2015-03-23 Name : The remote Fedora host is missing a security update.
File : fedora_2015-3953.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_xorg_20120417.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_xorg-x11-Xvnc-120207.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_xorg-x11-Xvnc-111201.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-104.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-13.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1360.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0939.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1359.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0303.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_xorg-x11-server-dmx-120410.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_xorg-x11-server-rdp-120410.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111006_xorg_x11_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111006_xorg_x11_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120221_xorg_x11_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120620_xorg_x11_server_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0939.nasl - Type : ACT_GATHER_INFO
2012-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0939.nasl - Type : ACT_GATHER_INFO
2012-02-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xorg-x11-7954.nasl - Type : ACT_GATHER_INFO
2012-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0303.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-server-libs-111010.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_xorg-x11-Xvnc-111124.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1360.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-19.nasl - Type : ACT_GATHER_INFO
2011-10-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1232-3.nasl - Type : ACT_GATHER_INFO
2011-10-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1232-2.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1232-1.nasl - Type : ACT_GATHER_INFO
2011-10-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8441957cf9b411e0a78abcaec565249c.nasl - Type : ACT_GATHER_INFO
2011-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1360.nasl - Type : ACT_GATHER_INFO
2011-10-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1359.nasl - Type : ACT_GATHER_INFO
2011-10-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1359.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:59:07
  • Multiple Updates