Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1433.NASL
HistoryJun 04, 2020 - 12:00 a.m.

Amazon Linux 2 : xorg-x11-server (ALAS-2020-1433)

2020-06-0400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

7 High

AI Score

Confidence

High

JSON

It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions() and XGetFontPath() functions to produce an invalid list of elements that in turn make XFreeExtensionsList() and XFreeFontPath() access invalid memory. An attacker who can either configure a malicious X server or modify the data coming from one, could use this flaw to crash the application using libX11, resulting in a denial of service.(CVE-2018-14598)

An off-by-one error has been discovered in libX11 in functions XGetFontPath(), XListExtensions(), and XListFonts(). An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption.(CVE-2018-14599)

An out of bounds write, limited to NULL bytes, was discovered in libX11 in functions XListExtensions() and XGetFontPath(). The length field is considered as a signed value, which makes the library access memory before the intended buffer. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption.(CVE-2018-14600)

An uncontrolled recursion flaw was found in libxkbcommon in the way it parses boolean expressions. A specially crafted file provided to xkbcomp could crash the application. (CVE-2018-15853)

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly. (CVE-2018-15854)

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled. (CVE-2018-15855)

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files. (CVE-2018-15856)

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. (CVE-2018-15857)

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. (CVE-2018-15859)

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. (CVE-2018-15861)

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers. (CVE-2018-15862)

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
(CVE-2018-15863)

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created. (CVE-2018-15864)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1433.
#

include('compat.inc');

if (description)
{
  script_id(137090);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");

  script_cve_id(
    "CVE-2018-14598",
    "CVE-2018-14599",
    "CVE-2018-14600",
    "CVE-2018-15853",
    "CVE-2018-15854",
    "CVE-2018-15855",
    "CVE-2018-15856",
    "CVE-2018-15857",
    "CVE-2018-15859",
    "CVE-2018-15861",
    "CVE-2018-15862",
    "CVE-2018-15863",
    "CVE-2018-15864"
  );
  script_xref(name:"ALAS", value:"2020-1433");

  script_name(english:"Amazon Linux 2 : xorg-x11-server (ALAS-2020-1433)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It was discovered that libX11 does not properly validate input coming
from the server, causing XListExtensions() and XGetFontPath()
functions to produce an invalid list of elements that in turn make
XFreeExtensionsList() and XFreeFontPath() access invalid memory. An
attacker who can either configure a malicious X server or modify the
data coming from one, could use this flaw to crash the application
using libX11, resulting in a denial of service.(CVE-2018-14598)

An off-by-one error has been discovered in libX11 in functions
XGetFontPath(), XListExtensions(), and XListFonts(). An attacker who
can either configure a malicious X server or modify the data coming
from one could use this flaw to make the program crash or have other
unspecified effects, caused by the memory corruption.(CVE-2018-14599)

An out of bounds write, limited to NULL bytes, was discovered in
libX11 in functions XListExtensions() and XGetFontPath(). The length
field is considered as a signed value, which makes the library access
memory before the intended buffer. An attacker who can either
configure a malicious X server or modify the data coming from one
could use this flaw to make the program crash or have other
unspecified effects, caused by the memory corruption.(CVE-2018-14600)

An uncontrolled recursion flaw was found in libxkbcommon in the way it
parses boolean expressions. A specially crafted file provided to
xkbcomp could crash the application. (CVE-2018-15853)

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used
by local attackers to crash (NULL pointer dereference) the xkbcommon
parser by supplying a crafted keymap file, because geometry tokens
were desupported incorrectly. (CVE-2018-15854)

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used
by local attackers to crash (NULL pointer dereference) the xkbcommon
parser by supplying a crafted keymap file, because the XkbFile for an
xkb_geometry section was mishandled. (CVE-2018-15855)

An infinite loop when reaching EOL unexpectedly in compose/parser.c
(aka the keymap parser) in xkbcommon before 0.8.1 could be used by
local attackers to cause a denial of service during parsing of crafted
keymap files. (CVE-2018-15856)

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in
xkbcommon before 0.8.1 could be used by local attackers to crash
xkbcommon keymap parsers or possibly have unspecified other impact by
supplying a crafted keymap file. (CVE-2018-15857)

Unchecked NULL pointer usage when parsing invalid atoms in
ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be
used by local attackers to crash (NULL pointer dereference) the
xkbcommon parser by supplying a crafted keymap file, because lookup
failures are mishandled. (CVE-2018-15859)

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in
xkbcommon before 0.8.2 could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted
keymap file that triggers an xkb_intern_atom failure. (CVE-2018-15861)

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in
xkbcommon before 0.8.2 could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted
keymap file with invalid virtual modifiers. (CVE-2018-15862)

Unchecked NULL pointer usage in ResolveStateAndPredicate in
xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local
attackers to crash (NULL pointer dereference) the xkbcommon parser by
supplying a crafted keymap file with a no-op modmask expression.
(CVE-2018-15863)

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in
xkbcommon before 0.8.2 could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted
keymap file, because a map access attempt can occur for a map that was
never created. (CVE-2018-15864)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1433.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update xorg-x11-server' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14600");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-Xdmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-Xephyr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-Xorg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-Xwayland");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:xorg-x11-server-source");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-Xdmx-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-Xephyr-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-Xnest-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-Xorg-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-Xvfb-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-Xwayland-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-common-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-debuginfo-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-devel-1.20.4-7.amzn2.0.1")) flag++;
if (rpm_check(release:"AL2", reference:"xorg-x11-server-source-1.20.4-7.amzn2.0.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc");
}
VendorProductVersionCPE
amazonlinuxxorg-x11-server-xdmxp-cpe:/a:amazon:linux:xorg-x11-server-xdmx
amazonlinuxxorg-x11-server-xephyrp-cpe:/a:amazon:linux:xorg-x11-server-xephyr
amazonlinuxxorg-x11-server-xnestp-cpe:/a:amazon:linux:xorg-x11-server-xnest
amazonlinuxxorg-x11-server-xorgp-cpe:/a:amazon:linux:xorg-x11-server-xorg
amazonlinuxxorg-x11-server-xvfbp-cpe:/a:amazon:linux:xorg-x11-server-xvfb
amazonlinuxxorg-x11-server-xwaylandp-cpe:/a:amazon:linux:xorg-x11-server-xwayland
amazonlinuxxorg-x11-server-commonp-cpe:/a:amazon:linux:xorg-x11-server-common
amazonlinuxxorg-x11-server-debuginfop-cpe:/a:amazon:linux:xorg-x11-server-debuginfo
amazonlinuxxorg-x11-server-develp-cpe:/a:amazon:linux:xorg-x11-server-devel
amazonlinuxxorg-x11-server-sourcep-cpe:/a:amazon:linux:xorg-x11-server-source
Rows per page:
1-10 of 111

Related

nessus 45
centos 1
openvas 31
redhat 1
amazon 2
oraclelinux 1
mageia 2
cloudfoundry 2
suse 3
ubuntu 4
gentoo 2
osv 14
debian 1
ibm 3
slackware 1
freebsd 1
fedora 3
veracode 13
ubuntucve 13
prion 13
cve 13
redhatcve 13
debiancve 13
alpinelinux 3
github 1
nessus
nessus
NewStart CGSL CORE 5.05 / MAIN 5.05 : xorg-x11-drv-ati Multiple Vulnerabilities (NS-SA-2023-0026)
2023-04-11 00:00:00
Oracle Linux 7 : Xorg (ELSA-2019-2079)
2023-09-07 00:00:00
RHEL 7 : Xorg (RHSA-2019:2079)
2019-08-12 00:00:00
centos
centos
gdm, libX11, libxkbcommon, xorg security update
2019-08-30 02:52:02
openvas
openvas
CentOS: Security Advisory for xorg-x11-drv-ati (CESA-2019:2079)
2021-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3685-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-3786-2)
2018-11-07 00:00:00
redhat
redhat
(RHSA-2019:2079) Moderate: Xorg security and bug fix update
2019-08-06 07:58:40
amazon
amazon
Medium: xorg-x11-server
2020-06-03 18:21:00
Medium: libX11
2019-06-11 23:17:00
oraclelinux
oraclelinux
Xorg security and bug fix update
2019-08-13 00:00:00
mageia
mageia
Updated libxkbcommon packages fix security vulnerabilities
2018-09-07 13:15:03
Updated libx11 packages fix security vulnerabilities
2018-09-21 02:17:55
cloudfoundry
cloudfoundry
USN-3786-1: libxkbcommon vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
USN-3758-1: libx11 vulnerabilities | Cloud Foundry
2018-09-27 00:00:00
suse
suse
Security update for libxkbcommon (low)
2018-11-17 00:15:49
Security update for libX11 (moderate)
2018-10-05 12:07:58
Security update for libX11 (important)
2018-08-31 12:07:54
ubuntu
ubuntu
libxkbcommon vulnerabilities
2018-10-08 00:00:00
libxkbcommon vulnerabilities
2018-11-06 00:00:00
libx11 vulnerabilities
2018-08-30 00:00:00
gentoo
gentoo
xkbcommon: Multiple vulnerabilities
2018-10-30 00:00:00
X.Org X11 library: Multiple vulnerabilities
2018-11-09 00:00:00
osv
osv
libx11 - security update
2018-08-29 00:00:00
CVE-2018-15854
2018-08-25 21:29:01
CVE-2018-15855
2018-08-25 21:29:01
debian
debian
[SECURITY] [DLA 1482-1] libx11 security update
2018-08-29 22:17:50
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600)
2023-12-07 22:45:02
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in X.Org libx11 (CVE-2018-14599 CVE-2018-14598)
2019-04-11 21:00:01
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in xorg-x11
2023-12-07 22:45:03
slackware
slackware
[slackware-security] libX11
2018-08-21 20:09:53
freebsd
freebsd
libX11 -- Multiple vulnerabilities
2018-08-21 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libX11-1.6.7-1.fc28
2019-04-30 01:41:08
[SECURITY] Fedora 28 Update: libxkbcommon-0.8.2-1.fc28
2018-08-30 04:58:45
[SECURITY] Fedora 27 Update: libxkbcommon-0.8.2-1.fc27
2018-09-29 23:57:09
veracode
veracode
Denial Of Service (DoS)
2019-08-08 00:07:45
Denial Of Service (DoS)
2019-08-08 00:07:45
Denial Of Service (DoS)
2019-08-08 00:07:45
ubuntucve
ubuntucve
CVE-2018-15857
2018-08-25 00:00:00
CVE-2018-15855
2018-08-25 00:00:00
CVE-2018-15856
2018-08-25 00:00:00
prion
prion
Design/Logic Flaw
2018-08-25 21:29:00
Code injection
2018-08-25 21:29:00
Null pointer dereference
2018-08-25 21:29:00
cve
cve
CVE-2018-15853
2018-08-25 21:29:00
CVE-2018-15856
2018-08-25 21:29:00
CVE-2018-14598
2018-08-24 19:29:00
redhatcve
redhatcve
CVE-2018-15857
2018-08-28 12:20:23
CVE-2018-15864
2018-08-28 12:21:39
CVE-2018-15853
2018-08-28 12:20:38
debiancve
debiancve
CVE-2018-15857
2018-08-25 21:29:00
CVE-2018-15856
2018-08-25 21:29:00
CVE-2018-15854
2018-08-25 21:29:00
alpinelinux
alpinelinux
CVE-2018-14599
2018-08-24 19:29:00
CVE-2018-14598
2018-08-24 19:29:00
CVE-2018-14600
2018-08-24 19:29:00
github
github
ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok
2023-10-19 19:14:39

7 High

AI Score

Confidence

High

JSON
Related for AL2_ALAS-2020-1433.NASL
nessus45centos1openvas31redhat1amazon2oraclelinux1mageia2cloudfoundry2suse3ubuntu4gentoo2osv14debian1ibm3slackware1freebsd1fedora3veracode13ubuntucve13prion13cve13redhatcve13debiancve13alpinelinux3github1