Lucene search
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2007-0003.NASLHistoryJan 17, 2007 - 12:00 a.m.
CentOS 4 : xorg-x11 (CESA-2007:0003)
2007-01-1700:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.5%
Updated X.org packages that fix a security issue are now available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red Hat Security Response Team.
X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
iDefense reported three integer overflow flaws in the X.org Render and DBE extensions. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)
Users of X.org should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0003 and
# CentOS Errata and Security Advisory 2007:0003 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(24023);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2006-6101", "CVE-2006-6102", "CVE-2006-6103");
script_bugtraq_id(21968);
script_xref(name:"RHSA", value:"2007:0003");
script_name(english:"CentOS 4 : xorg-x11 (CESA-2007:0003)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated X.org packages that fix a security issue are now available for
Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
X.org is an open source implementation of the X Window System. It
provides the basic low-level functionality that full-fledged graphical
user interfaces are designed upon.
iDefense reported three integer overflow flaws in the X.org Render and
DBE extensions. A malicious authorized client could exploit this issue
to cause a denial of service (crash) or potentially execute arbitrary
code with root privileges on the X.org server. (CVE-2006-6101,
CVE-2006-6102, CVE-2006-6103)
Users of X.org should upgrade to these updated packages, which contain
a backported patch and is not vulnerable to this issue."
);
# https://lists.centos.org/pipermail/centos-announce/2007-January/013469.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?44e7684a"
);
# https://lists.centos.org/pipermail/centos-announce/2007-January/013476.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?fa16e88c"
);
# https://lists.centos.org/pipermail/centos-announce/2007-January/013477.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?69fd1b36"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected xorg-x11 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libgsf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:libgsf-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGL");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Mesa-libGLU");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xdmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xnest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-Xvfb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-deprecated-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-font-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-sdk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-twm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xauth");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xdm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:xorg-x11-xfs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
script_set_attribute(attribute:"patch_publication_date", value:"2007/01/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"libgsf-1.10.1-2")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"libgsf-devel-1.10.1-2")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGL-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Mesa-libGLU-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xdmx-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xnest-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-Xvfb-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-devel-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-doc-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-font-utils-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-libs-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-sdk-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-tools-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-twm-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xauth-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xdm-6.8.2-1.EL.13.37.5")) flag++;
if (rpm_check(release:"CentOS-4", reference:"xorg-x11-xfs-6.8.2-1.EL.13.37.5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgsf / libgsf-devel / xorg-x11 / xorg-x11-Mesa-libGL / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| centos | centos | libgsf | p-cpe:/a:centos:centos:libgsf |
| centos | centos | libgsf-devel | p-cpe:/a:centos:centos:libgsf-devel |
| centos | centos | xorg-x11 | p-cpe:/a:centos:centos:xorg-x11 |
| centos | centos | xorg-x11-mesa-libgl | p-cpe:/a:centos:centos:xorg-x11-mesa-libgl |
| centos | centos | xorg-x11-mesa-libglu | p-cpe:/a:centos:centos:xorg-x11-mesa-libglu |
| centos | centos | xorg-x11-xdmx | p-cpe:/a:centos:centos:xorg-x11-xdmx |
| centos | centos | xorg-x11-xnest | p-cpe:/a:centos:centos:xorg-x11-xnest |
| centos | centos | xorg-x11-xvfb | p-cpe:/a:centos:centos:xorg-x11-xvfb |
| centos | centos | xorg-x11-deprecated-libs | p-cpe:/a:centos:centos:xorg-x11-deprecated-libs |
| centos | centos | xorg-x11-deprecated-libs-devel | p-cpe:/a:centos:centos:xorg-x11-deprecated-libs-devel |
Related
nessus
nessus
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:005)
2007-02-18 00:00:00
SuSE 10 Security Update : xorg-x11-server (ZYPP Patch Number 2449)
2007-12-13 00:00:00
Debian DSA-1249-1 : xfree86 - several vulnerabilities
2007-01-17 00:00:00
gentoo
gentoo
X.Org X server: Multiple vulnerabilities
2007-01-27 00:00:00
openvas
openvas
HP-UX Update for Xserver HPSBUX02225
2009-05-05 00:00:00
Gentoo Security Advisory GLSA 200701-25 (X.Org)
2008-09-24 00:00:00
Slackware Advisory SSA:2007-066-02 x11
2012-09-11 00:00:00
centos
centos
XFree86 security update
2007-01-14 23:13:01
libgsf, xorg security update
2007-01-11 19:01:11
XFree86 security update
2007-01-10 19:02:34
altlinux
altlinux
ubuntu
ubuntu
X.org vulnerabilities
2007-01-09 00:00:00
debian
debian
[SECURITY] [DSA 1249-1] New xfree86 packages fix privilege escalation
2007-01-15 23:09:41
securityvulns
securityvulns
X.org / XFree68 multiple integer overflows
2007-01-10 00:00:00
[USN-403-1] X.org vulnerabilities
2007-01-09 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11 security update
2007-01-12 00:00:00
Important: XFree86 security update
2007-03-22 00:00:00
Important: xorg-x11 security update
2007-04-04 00:00:00
redhat
redhat
(RHSA-2007:0002) Important: XFree86 security update
2007-01-10 00:00:00
(RHSA-2007:0003) Important: xorg-x11 security update
2007-01-10 00:00:00
osv
osv
xfree86
2007-01-15 00:00:00
slackware
slackware
[slackware-security] x11
2007-03-08 02:36:15
suse
suse
local privilege escalation in XFree86-server,xorg-x11-server,xloader
2007-01-12 17:40:25
debiancve
debiancve
ubuntucve
ubuntucve
nvd
nvd
cve
cve
cvelist
cvelist
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.5%
Related for CENTOS_RHSA-2007-0003.NASL