Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2024-1307.NASL
HistoryMar 12, 2024 - 12:00 a.m.

EulerOS 2.0 SP8 : xorg-x11-server (EulerOS-SA-2024-1307)

2024-03-1200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
x.org
use-after-free
privilege escalation
remote code execution
out-of-bounds write
integer overflow

8.4 High

AI Score

Confidence

High

JSON

According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. (CVE-2023-0494)

  • A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation.
    If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
    (CVE-2023-1393)

  • A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. (CVE-2023-5367)

  • A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. (CVE-2023-5380)

  • A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. (CVE-2023-6377)

  • A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. (CVE-2023-6478)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(191818);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/12");

  script_cve_id(
    "CVE-2023-0494",
    "CVE-2023-1393",
    "CVE-2023-5367",
    "CVE-2023-5380",
    "CVE-2023-6377",
    "CVE-2023-6478"
  );

  script_name(english:"EulerOS 2.0 SP8 : xorg-x11-server (EulerOS-SA-2024-1307)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the xorg-x11-server packages installed, the EulerOS installation on the remote host is
affected by the following vulnerabilities :

  - A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses
    that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed
    memory. This can lead to local privilege elevation on systems where the X server runs privileged and
    remote code execution for ssh X forwarding sessions. (CVE-2023-0494)

  - A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation.
    If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a
    dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
    (CVE-2023-1393)

  - A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect
    calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function
    in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible
    escalation of privileges or denial of service. (CVE-2023-5367)

  - A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and
    legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if
    the pointer is warped from within a window on one screen to the root window of the other screen and if the
    original window is destroyed followed by another window being destroyed. (CVE-2023-5380)

  - A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to
    a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or
    possible remote code execution in cases where X11 forwarding is involved. (CVE-2023-6377)

  - A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or
    RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive
    information. (CVE-2023-6478)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-1307
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?47658442");
  script_set_attribute(attribute:"solution", value:
"Update the affected xorg-x11-server packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6478");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-6377");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xorg-x11-server-Xephyr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xorg-x11-server-Xorg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xorg-x11-server-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xorg-x11-server-Xwayland");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:xorg-x11-server-common");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "xorg-x11-server-Xephyr-1.20.1-4.h17.eulerosv2r8",
  "xorg-x11-server-Xorg-1.20.1-4.h17.eulerosv2r8",
  "xorg-x11-server-Xvfb-1.20.1-4.h17.eulerosv2r8",
  "xorg-x11-server-Xwayland-1.20.1-4.h17.eulerosv2r8",
  "xorg-x11-server-common-1.20.1-4.h17.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server");
}
VendorProductVersionCPE
huaweieulerosxorg-x11-server-xephyrp-cpe:/a:huawei:euleros:xorg-x11-server-xephyr
huaweieulerosxorg-x11-server-xorgp-cpe:/a:huawei:euleros:xorg-x11-server-xorg
huaweieulerosxorg-x11-server-xvfbp-cpe:/a:huawei:euleros:xorg-x11-server-xvfb
huaweieulerosxorg-x11-server-xwaylandp-cpe:/a:huawei:euleros:xorg-x11-server-xwayland
huaweieulerosxorg-x11-server-commonp-cpe:/a:huawei:euleros:xorg-x11-server-common
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 48
nessus 75
oraclelinux 7
osv 11
redhat 16
almalinux 3
fedora 12
redos 2
slackware 2
mageia 3
ubuntu 4
amazon 4
debian 4
rosalinux 2
freebsd 2
centos 2
gentoo 1
cbl_mariner 1
openvas
openvas
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1709)
2024-05-17 00:00:00
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2024-1307)
2024-03-12 00:00:00
Huawei EulerOS: Security Advisory for tigervnc (EulerOS-SA-2024-1304)
2024-03-12 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.0 : xorg-x11-server (EulerOS-SA-2024-1709)
2024-05-17 00:00:00
EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2024-1304)
2024-03-12 00:00:00
RHEL 9 : tigervnc (RHSA-2024:0010)
2024-01-02 00:00:00
oraclelinux
oraclelinux
tigervnc security update
2024-01-03 00:00:00
tigervnc security update
2024-01-04 00:00:00
tigervnc security update
2023-11-22 00:00:00
osv
osv
Important: tigervnc security update
2024-01-02 00:00:00
xorg-server - security update
2023-12-13 00:00:00
xorg-server, xwayland vulnerabilities
2023-12-13 13:23:48
redhat
redhat
(RHSA-2024:0010) Important: tigervnc security update
2024-01-02 06:50:57
(RHSA-2024:0015) Important: tigervnc security update
2024-01-02 06:53:55
(RHSA-2024:0020) Important: tigervnc security update
2024-01-02 06:54:35
almalinux
almalinux
Important: tigervnc security update
2024-01-02 00:00:00
Important: tigervnc security update
2024-01-02 00:00:00
Moderate: xorg-x11-server security update
2024-04-30 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-1.20.14-28.fc38
2024-01-11 02:16:48
[SECURITY] Fedora 38 Update: tigervnc-1.13.1-6.fc38
2023-11-13 01:29:19
[SECURITY] Fedora 37 Update: tigervnc-1.13.1-6.fc37
2023-11-18 01:33:23
redos
redos
ROS-20240408-08
2024-04-08 00:00:00
ROS-20231114-02
2023-11-14 00:00:00
slackware
slackware
[slackware-security] xorg-server
2023-10-26 20:01:09
[slackware-security] xorg-server
2023-12-13 22:08:24
mageia
mageia
Updated tigervnc packages fix security vulnerabilities
2023-11-20 13:04:11
Updated x11-server and tigervnc packages fix security vulnerabilities
2024-01-15 01:23:43
Updated x11-server packages fix security vulnerabilities
2023-11-07 02:08:32
ubuntu
ubuntu
X.Org X Server vulnerabilities
2023-10-31 00:00:00
X.Org X Server vulnerabilities
2023-10-25 00:00:00
X.Org X Server vulnerabilities
2023-12-13 00:00:00
amazon
amazon
Important: xorg-x11-server
2023-11-10 17:32:00
Important: xorg-x11-server
2023-11-09 19:19:00
Important: xorg-x11-server
2024-01-03 21:04:00
debian
debian
[SECURITY] [DSA 5534-1] xorg-server security update
2023-10-25 14:45:55
[SECURITY] [DLA 3686-1] xorg-server security update
2023-12-13 08:30:41
[SECURITY] [DSA 5576-1] xorg-server security update
2023-12-13 07:03:16
rosalinux
rosalinux
Advisory ROSA-SA-2024-2325
2024-01-23 12:18:22
Advisory ROSA-SA-2024-2324
2024-01-23 12:14:57
freebsd
freebsd
xorg-server -- Multiple vulnerabilities
2023-12-13 00:00:00
xorg-server -- Multiple vulnerabilities
2023-10-25 00:00:00
centos
centos
xorg security update
2024-01-12 19:00:25
tigervnc security update
2024-01-12 19:01:36
gentoo
gentoo
X.Org X Server, XWayland: Multiple Vulnerabilities
2024-01-31 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-5367 affecting package xorg-x11-server for versions less than 1.20.10-10
2024-04-09 20:48:36

8.4 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2024-1307.NASL
openvas48nessus75oraclelinux7osv11redhat16almalinux3fedora12redos2slackware2mageia3ubuntu4amazon4debian4rosalinux2freebsd2centos2gentoo1cbl_mariner1