Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200710-16
HistoryOct 14, 2007 - 12:00 a.m.

X.Org X server: Composite local privilege escalation

2007-10-1400:00:00
Gentoo Foundation
security.gentoo.org
15

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.0%

JSON

Background

The X Window System is a graphical windowing system based on a client/server model.

Description

Aaron Plattner discovered a buffer overflow in the compNewPixmap() function when copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.

Impact

A local attacker could execute arbitrary code with the privileges of the user running the X server, typically root.

Workaround

Disable the Composite extension by setting ’ Option “Composite” “disable” ’ in the Extensions section of xorg.conf.

Note: This could affect the functionality of some applications.

Resolution

All X.Org X server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-base/xorg-server-1.3.0.0-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-base/xorg-server< 1.3.0.0-r1UNKNOWN

Related

nessus 9
openvas 11
osv 1
debian 1
prion 1
centos 1
cve 1
ubuntucve 1
redhat 1
ubuntu 1
oraclelinux 1
debiancve 1
securityvulns 1
suse 1
nessus
nessus
Oracle Linux 4 : xorg-x11 (ELSA-2007-0898)
2013-07-12 00:00:00
Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64
2012-08-01 00:00:00
Debian DSA-1372-1 : xorg-server - buffer overflow
2007-09-14 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1372-1)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200710-16 (X.Org)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200710-16 (X.Org)
2008-09-24 00:00:00
osv
osv
xorg-server - privilege escalation
2007-09-09 00:00:00
debian
debian
[SECURITY] [DSA 1372-1] New xorg-server packages fix privilege escalation
2007-09-09 13:38:35
prion
prion
Buffer overflow
2007-09-11 19:17:00
centos
centos
xorg security update
2007-09-19 20:09:53
cve
cve
CVE-2007-4730
2007-09-11 19:17:00
ubuntucve
ubuntucve
CVE-2007-4730
2007-09-11 00:00:00
redhat
redhat
(RHSA-2007:0898) Moderate: xorg-x11 security update
2007-09-19 00:00:00
ubuntu
ubuntu
X.org vulnerability
2007-09-18 00:00:00
oraclelinux
oraclelinux
Moderate: xorg-x11 security update
2007-09-19 00:00:00
debiancve
debiancve
CVE-2007-4730
2007-09-11 19:17:00
securityvulns
securityvulns
X.Org X server composite extention buffer overflow
2007-09-13 00:00:00
suse
suse
local privilege escalation in XOrg
2007-10-12 16:41:18

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.0%

JSON
Related for GLSA-200710-16
nessus9openvas11osv1debian1prion1centos1cve1ubuntucve1redhat1ubuntu1oraclelinux1debiancve1securityvulns1suse1