FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)
2012-01-31T00:00:00
ID FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL Type nessus Reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
The code used to decompress a file created by compress(1) does not do
sufficient boundary checks on compressed code words, allowing
reference beyond the decompression table, which may result in a stack
overflow or an infinite loop when the decompressor encounters a
corrupted file.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include("compat.inc");
# Registration branch: when `description` is set, the plugin only declares its
# metadata through the script_* calls below and then calls exit(0). No
# knowledge-base lookup or package test happens in this branch.
if (description)
{
# Plugin identity and revision stamp.
script_id(57743);
script_version("1.8");
script_cvs_date("Date: 2018/11/10 11:49:43");
# Cross-references that tie this check to the tracked vulnerability:
# the CVE, the Bugtraq ID and the FreeBSD security advisory.
script_cve_id("CVE-2011-2895");
script_bugtraq_id(49124);
script_xref(name:"FreeBSD", value:"SA-11:04.compress");
script_name(english:"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)");
# The summary states the detection method: the finding comes from comparing
# pkg_info output against fixed version bounds, not from probing the flaw.
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
# The string literal below spans several source lines, so its line breaks
# are part of the reported text.
script_set_attribute(
attribute:"description",
value:
"The code used to decompress a file created by compress(1) does not do
sufficient boundary checks on compressed code words, allowing
reference beyond the decompression table, which may result in a stack
overflow or an infinite loop when the decompressor encounters a
corrupted file."
);
# VuXML entry for this advisory (presumably the target of the shortened
# see_also link below; confirm before relying on it):
# https://vuxml.freebsd.org/freebsd/fee94342-4638-11e1-9f47-00e0815b8da8.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?a2ef30a6"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# CVSSv2 base vector: network access vector, medium access complexity, no
# authentication, complete impact on confidentiality, integrity and
# availability.
# NOTE(review): the description says the flaw is reached when a corrupted
# file is decompressed; AV:N presumably reflects a file delivered over the
# network. Confirm against the CVE record when prioritising.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# CVSSv2 temporal vector: exploitability unproven (E:U), official fix
# available (RL:OF), report confidence confirmed (RC:C). This agrees with
# the two exploit attributes set next.
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the result is derived from data collected on the host.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:FreeBSD");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
# Timeline: vulnerability published, patch published, plugin published.
script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/28");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"FreeBSD Local Security Checks");
# ssh_get_info.nasl is declared as a dependency; the Host/* keys required
# below are presumably populated by it (verify).
script_dependencies("ssh_get_info.nasl");
# Required knowledge-base keys. "Settings/ParanoidReport" is among them, so
# a scan without paranoid reporting will not produce this finding, and that
# absence must not be read as "host is patched".
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info", "Settings/ParanoidReport");
# End of the registration run.
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
# Host check: decide from previously collected knowledge-base data whether
# the FreeBSD release falls inside one of the vulnerable version ranges.

# Preconditions, tested in this order; each unmet one calls audit() with
# the matching reason code.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release"))
  audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Paranoia gate: below level 2 the plugin audits out instead of testing.
# NOTE(review): presumably because a version-string comparison cannot prove
# the fix is absent. Treat a hit as "needs confirmation on the host".
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

# One range per affected release branch: at or above the release and below
# the listed patch level. Every range is tested, and each test is asked to
# save its report text (save_report:TRUE).
flag = 0;
foreach vuln_range (make_list(
  "FreeBSD>=7.3<7.3_7",
  "FreeBSD>=7.4<7.4_3",
  "FreeBSD>=8.1<8.1_5",
  "FreeBSD>=8.2<8.2_3"))
{
  if (pkg_test(save_report:TRUE, pkg:vuln_range)) flag++;
}

if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # At least one range matched: raise the finding on port 0 and attach the
  # package report only when verbosity is above 0.
  if (report_verbosity > 0)
    security_hole(port:0, extra:pkg_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)", "description": "The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.", "published": "2012-01-31T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/57743", "reporter": "This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?a2ef30a6"], "cvelist": ["CVE-2011-2895"], "type": "nessus", "lastseen": "2019-11-01T02:40:10", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-2895"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.", "edition": 1, "enchantments": {}, "hash": "8e3bf2061f12ecbac404249add339b1af17afd9fb9cb9a94803772bb4e205b00", "hashmap": [{"hash": "8e164870fc6b632e016df4df1bfc7c68", "key": "cvelist"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "02de4c81864da6a5a0ff4d4ee6749dc6", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": 
"2bf376b8083f2b0de98d20806bccdf49", "key": "references"}, {"hash": "d2032140a075606c34de605a01ae103f", "key": "href"}, {"hash": "74ad87cc7aafa51f309b8aa1d833c2b0", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9e1e6f50f8066d550581ecb849aa01c5", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "22dd0611a1dc8a3647278634728756ec", "key": "description"}, {"hash": "1cf29fccb351002a3b6777783181e2d0", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57743", "id": "FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "lastseen": "2016-09-26T17:25:59", "modified": "2016-05-05T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.2", "pluginID": "57743", "published": "2012-01-31T00:00:00", "references": ["http://www.nessus.org/u?3ca1f64f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57743);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/05 16:01:15 $\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_osvdb_id(74927);\n script_xref(name:\"FreeBSD\", value:\"SA-11:04.compress\");\n\n script_name(english:\"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code 
words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.\"\n );\n # http://www.freebsd.org/ports/portaudit/fee94342-4638-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ca1f64f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif 
(report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.3<7.3_7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "cvelist": ["CVE-2011-2895"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-02-21T01:15:56", "references": [{"idList": ["GLSA-201402-23"], "type": "gentoo"}, {"idList": ["USN-1191-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-2293-1:771F2"], "type": "debian"}, {"idList": ["CVE-2011-2895"], "type": "cve"}, {"idList": ["304409C3-C3EF-11E0-8AA5-485D60CB5385", "FEE94342-4638-11E1-9F47-00E0815B8DA8"], "type": "freebsd"}, {"idList": ["CESA-2011:1155", "CESA-2011:1154", "CESA-2011:1161"], "type": "centos"}, {"idList": ["SUSE-SU-2011:1035-2", "SUSE-SU-2011:1306-1", "SUSE-SU-2012:0553-1", "OPENSUSE-SU-2011:1299-1", "SUSE-SU-2011:1035-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310122111", 
"OPENVAS:840721", "OPENVAS:880993", "OPENVAS:1361412562310870467", "OPENVAS:881438", "OPENVAS:1361412562310870465", "OPENVAS:1361412562310880993", "OPENVAS:880965", "OPENVAS:136141256231070229", "OPENVAS:870467"], "type": "openvas"}, {"idList": ["ELSA-2011-1154", "ELSA-2011-1155", "ELSA-2011-1161"], "type": "oraclelinux"}, {"idList": ["RHSA-2011:1154", "RHSA-2011:1834", "RHSA-2011:1155", "RHSA-2011:1161"], "type": "redhat"}, {"idList": ["SECURITYVULNS:VULN:12518", "SECURITYVULNS:DOC:26853", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:VULN:11864", "SECURITYVULNS:VULN:12164"], "type": "securityvulns"}, {"idList": ["SL_20110811_LIBXFONT_ON_SL5_X.NASL", "DEBIAN_DSA-2293.NASL", "SL_20110811_XORG_X11_ON_SL4_X.NASL", "SUSE_XORG-X11-7759.NASL", "SUSE_11_3_LIBPCIACCESS0-110905.NASL", "FREEBSD_PKG_304409C3C3EF11E08AA5485D60CB5385.NASL", "REDHAT-RHSA-2011-1154.NASL", "SUSE_11_4_LIBPCIACCESS0-110905.NASL", "ORACLELINUX_ELSA-2011-1155.NASL", "REDHAT-RHSA-2011-1155.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:15:56", "value": 7.8, "vector": "NONE"}}, "hash": "63bdf16b1307be4d35c2a0f183e4f6dbb4f1b0464a1d17fa7085766599d5f646", "hashmap": [{"hash": "8e164870fc6b632e016df4df1bfc7c68", "key": "cvelist"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "60de4d13b192fc27ac22008a21dad98c", "key": "cpe"}, {"hash": "02de4c81864da6a5a0ff4d4ee6749dc6", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d2032140a075606c34de605a01ae103f", "key": "href"}, {"hash": "74ad87cc7aafa51f309b8aa1d833c2b0", "key": "pluginID"}, {"hash": "d62b85852dd11396e4e23ffed7557af2", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "22dd0611a1dc8a3647278634728756ec", "key": "description"}, 
{"hash": "1cf29fccb351002a3b6777783181e2d0", "key": "published"}, {"hash": "718905b50d822d05b3b72e4bc3e28696", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57743", "id": "FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "lastseen": "2019-02-21T01:15:56", "modified": "2018-11-10T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.3", "pluginID": "57743", "published": "2012-01-31T00:00:00", "references": ["http://www.nessus.org/u?a2ef30a6"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57743);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"FreeBSD\", value:\"SA-11:04.compress\");\n\n script_name(english:\"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.\"\n );\n # https://vuxml.freebsd.org/freebsd/fee94342-4638-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ef30a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.3<7.3_7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : FreeBSD -- errors handling 
corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 8, "lastseen": "2019-02-21T01:15:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "cvelist": ["CVE-2011-2895"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "97f5cc4f1f9cb4c07f25ce2689150fbec6e7eb34ade690547dba4f135d5648a0", "hashmap": [{"hash": "8e164870fc6b632e016df4df1bfc7c68", "key": "cvelist"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "60de4d13b192fc27ac22008a21dad98c", "key": "cpe"}, {"hash": "02de4c81864da6a5a0ff4d4ee6749dc6", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2bf376b8083f2b0de98d20806bccdf49", "key": "references"}, {"hash": "e3da22819dd9cc8296d561d46b4d725a", "key": "modified"}, {"hash": "d2032140a075606c34de605a01ae103f", "key": "href"}, {"hash": "74ad87cc7aafa51f309b8aa1d833c2b0", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "22dd0611a1dc8a3647278634728756ec", "key": "description"}, {"hash": "1cf29fccb351002a3b6777783181e2d0", "key": "published"}, {"hash": "0e4ee05ffdb51021cc55be854e3d3f95", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57743", "id": 
"FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "lastseen": "2018-08-30T19:52:53", "modified": "2018-07-11T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.3", "pluginID": "57743", "published": "2012-01-31T00:00:00", "references": ["http://www.nessus.org/u?3ca1f64f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57743);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"FreeBSD\", value:\"SA-11:04.compress\");\n\n script_name(english:\"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.\"\n );\n # http://www.freebsd.org/ports/portaudit/fee94342-4638-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ca1f64f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.3<7.3_7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : FreeBSD -- errors handling corrupt compress file in 
compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:52:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "cvelist": ["CVE-2011-2895"], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "description": "The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-10-28T20:23:46", "references": [{"idList": ["GLSA-201402-23"], "type": "gentoo"}, {"idList": ["USN-1191-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DSA-2293-1:771F2"], "type": "debian"}, {"idList": ["CVE-2011-2895"], "type": "cve"}, {"idList": ["304409C3-C3EF-11E0-8AA5-485D60CB5385", "FEE94342-4638-11E1-9F47-00E0815B8DA8"], "type": "freebsd"}, {"idList": ["CESA-2011:1155", "CESA-2011:1154", "CESA-2011:1161"], "type": "centos"}, {"idList": ["OPENVAS:70415", "OPENVAS:136141256231070415", "OPENVAS:1361412562310122111", "OPENVAS:840721", "OPENVAS:1361412562310870467", "OPENVAS:881438", "OPENVAS:1361412562310870465", "OPENVAS:1361412562310880993", "OPENVAS:136141256231070229", "OPENVAS:870467"], "type": "openvas"}, {"idList": ["SECURITYVULNS:VULN:12518", "SECURITYVULNS:DOC:26853", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:VULN:11864"], "type": "securityvulns"}, {"idList": ["SUSE-SU-2011:1035-2", "SUSE-SU-2011:1306-1", "SUSE-SU-2012:0553-1", "OPENSUSE-SU-2011:1299-1", "SUSE-SU-2011:1035-1"], "type": "suse"}, {"idList": ["ELSA-2011-1154", "ELSA-2011-1155", "ELSA-2011-1161"], "type": "oraclelinux"}, {"idList": ["RHSA-2011:1154", "RHSA-2011:1834", "RHSA-2011:1155", "RHSA-2011:1161"], "type": "redhat"}, {"idList": 
["SL_20110811_LIBXFONT_ON_SL5_X.NASL", "DEBIAN_DSA-2293.NASL", "SL_20110811_XORG_X11_ON_SL4_X.NASL", "SUSE_XORG-X11-7759.NASL", "SUSE_11_3_LIBPCIACCESS0-110905.NASL", "FREEBSD_PKG_304409C3C3EF11E08AA5485D60CB5385.NASL", "REDHAT-RHSA-2011-1154.NASL", "SUSE_11_4_LIBPCIACCESS0-110905.NASL", "ORACLELINUX_ELSA-2011-1155.NASL", "REDHAT-RHSA-2011-1155.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T20:23:46", "value": 7.8, "vector": "NONE"}}, "hash": "0bde3cdf049bf60df507e68103033ab0c595b64d0bac6dae9623ae821aad1103", "hashmap": [{"hash": "8e164870fc6b632e016df4df1bfc7c68", "key": "cvelist"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "60de4d13b192fc27ac22008a21dad98c", "key": "cpe"}, {"hash": "02de4c81864da6a5a0ff4d4ee6749dc6", "key": "title"}, {"hash": "c4237cc1f1c7408c19d0f686ab016e78", "key": "description"}, {"hash": "d726e774add6189e33cf2ea0c61a2ba5", "key": "cvss"}, {"hash": "0d886bee850968fe77ec402a0e4e5030", "key": "reporter"}, {"hash": "74ad87cc7aafa51f309b8aa1d833c2b0", "key": "pluginID"}, {"hash": "089258b6a42b1d4c38468ada7ec323a5", "key": "href"}, {"hash": "d62b85852dd11396e4e23ffed7557af2", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "1cf29fccb351002a3b6777783181e2d0", "key": "published"}, {"hash": "718905b50d822d05b3b72e4bc3e28696", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/57743", "id": "FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "lastseen": "2019-10-28T20:23:46", "modified": "2019-10-02T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.3", "pluginID": "57743", "published": "2012-01-31T00:00:00", "references": ["http://www.nessus.org/u?a2ef30a6"], "reporter": "This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57743);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"FreeBSD\", value:\"SA-11:04.compress\");\n\n script_name(english:\"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.\"\n );\n # https://vuxml.freebsd.org/freebsd/fee94342-4638-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ef30a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.3<7.3_7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : FreeBSD -- errors handling 
corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 9, "lastseen": "2019-10-28T20:23:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "cvelist": ["CVE-2011-2895"], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "3a89560b642ac2ee54e252c6118097559d3c0c364dfd728d1e66954701d7a2fc", "hashmap": [{"hash": "8e164870fc6b632e016df4df1bfc7c68", "key": "cvelist"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "60de4d13b192fc27ac22008a21dad98c", "key": "cpe"}, {"hash": "02de4c81864da6a5a0ff4d4ee6749dc6", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "2bf376b8083f2b0de98d20806bccdf49", "key": "references"}, {"hash": "d2032140a075606c34de605a01ae103f", "key": "href"}, {"hash": "74ad87cc7aafa51f309b8aa1d833c2b0", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9e1e6f50f8066d550581ecb849aa01c5", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "22dd0611a1dc8a3647278634728756ec", "key": "description"}, {"hash": "1cf29fccb351002a3b6777783181e2d0", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=57743", "id": 
"FREEBSD_PKG_FEE94342463811E19F4700E0815B8DA8.NASL", "lastseen": "2017-10-29T13:43:09", "modified": "2016-05-05T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.3", "pluginID": "57743", "published": "2012-01-31T00:00:00", "references": ["http://www.nessus.org/u?3ca1f64f"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57743);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2016/05/05 16:01:15 $\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_osvdb_id(74927);\n script_xref(name:\"FreeBSD\", value:\"SA-11:04.compress\");\n\n script_name(english:\"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.\"\n );\n # http://www.freebsd.org/ports/portaudit/fee94342-4638-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ca1f64f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.3<7.3_7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : FreeBSD -- errors handling corrupt compress file in 
compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:43:09"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "60de4d13b192fc27ac22008a21dad98c"}, {"key": "cvelist", "hash": "8e164870fc6b632e016df4df1bfc7c68"}, {"key": "cvss", "hash": "d726e774add6189e33cf2ea0c61a2ba5"}, {"key": "description", "hash": "c4237cc1f1c7408c19d0f686ab016e78"}, {"key": "href", "hash": "089258b6a42b1d4c38468ada7ec323a5"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "fe45aa727b58c1249bf04cfb7b4e6ae0"}, {"key": "pluginID", "hash": "74ad87cc7aafa51f309b8aa1d833c2b0"}, {"key": "published", "hash": "1cf29fccb351002a3b6777783181e2d0"}, {"key": "references", "hash": "d62b85852dd11396e4e23ffed7557af2"}, {"key": "reporter", "hash": "0d886bee850968fe77ec402a0e4e5030"}, {"key": "sourceData", "hash": "718905b50d822d05b3b72e4bc3e28696"}, {"key": "title", "hash": "02de4c81864da6a5a0ff4d4ee6749dc6"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ef2768737150f026faf27fa1f76b53aa5e3e566e820da75d58b9369453579616", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2895"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2011:1299-1", "SUSE-SU-2011:1035-2", "SUSE-SU-2011:1035-1", "SUSE-SU-2011:1306-1", "SUSE-SU-2012:0553-1"]}, {"type": "redhat", "idList": ["RHSA-2011:1155", "RHSA-2011:1154", "RHSA-2011:1161", "RHSA-2011:1834"]}, {"type": "freebsd", "idList": ["304409C3-C3EF-11E0-8AA5-485D60CB5385", "FEE94342-4638-11E1-9F47-00E0815B8DA8"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11864", "SECURITYVULNS:DOC:26853", "SECURITYVULNS:VULN:12518", "SECURITYVULNS:DOC:27600"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310122111", "OPENVAS:840721", 
"OPENVAS:1361412562310870467", "OPENVAS:870467", "OPENVAS:136141256231070229", "OPENVAS:1361412562310870465", "OPENVAS:1361412562310880993", "OPENVAS:881438", "OPENVAS:70415", "OPENVAS:880993"]}, {"type": "nessus", "idList": ["SUSE_11_4_LIBPCIACCESS0-110905.NASL", "SUSE_11_3_LIBPCIACCESS0-110905.NASL", "FREEBSD_PKG_304409C3C3EF11E08AA5485D60CB5385.NASL", "REDHAT-RHSA-2011-1155.NASL", "DEBIAN_DSA-2293.NASL", "SL_20110811_XORG_X11_ON_SL4_X.NASL", "SL_20110811_LIBXFONT_ON_SL5_X.NASL", "SUSE_XORG-X11-7759.NASL", "ORACLELINUX_ELSA-2011-1155.NASL", "REDHAT-RHSA-2011-1154.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2293-1:771F2"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1154", "ELSA-2011-1161", "ELSA-2011-1155"]}, {"type": "centos", "idList": ["CESA-2011:1161", "CESA-2011:1155", "CESA-2011:1154"]}, {"type": "ubuntu", "idList": ["USN-1191-1"]}, {"type": "gentoo", "idList": ["GLSA-201402-23"]}], "modified": "2019-11-01T02:40:10"}, "score": {"value": 7.8, "vector": "NONE", "modified": "2019-11-01T02:40:10"}, "vulnersScore": 7.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57743);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"FreeBSD\", value:\"SA-11:04.compress\");\n\n script_name(english:\"FreeBSD : FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1) (fee94342-4638-11e1-9f47-00e0815b8da8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing\nreference beyond the 
decompression table, which may result in a stack\noverflow or an infinite loop when the decompressor encounters a\ncorrupted file.\"\n );\n # https://vuxml.freebsd.org/freebsd/fee94342-4638-11e1-9f47-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a2ef30a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.3<7.3_7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=7.4<7.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.1<8.1_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=8.2<8.2_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "57743", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:FreeBSD"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:11:16", "bulletinFamily": "NVD", "description": "The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.", "modified": "2017-08-29T01:29:00", "id": "CVE-2011-2895", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2895", "published": "2011-08-19T17:55:00", "title": "CVE-2011-2895", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:41:55", "bulletinFamily": "unix", "description": "Specially crafted font files could cause a buffer overflow\n in applications that use libXfont to load such files\n (CVE-2011-2895).\n\n", "modified": "2011-12-05T18:08:19", "published": "2011-12-05T18:08:19", "id": "OPENSUSE-SU-2011:1299-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html", "title": "xorg-x11-libs (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:47", "bulletinFamily": "unix", "description": "The following bug has been fixed:\n\n * Specially crafted font files could have caused a\n buffer overflow in applications that use libXfont to load\n such files (CVE-2011-2895).\n", "modified": "2011-12-06T21:08:30", "published": "2011-12-06T21:08:30", "id": "SUSE-SU-2011:1035-2", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00006.html", "type": "suse", "title": "Security update for Xorg-X11 (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "description": "Specially crafted font files could cause a buffer overflow\n in applications that use libXfont to load such files\n (CVE-2011-2895).\n", "modified": "2011-09-13T17:08:18", "published": "2011-09-13T17:08:18", "id": "SUSE-SU-2011:1035-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html", "type": "suse", "title": "Security update for Xorg X11 (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:00", "bulletinFamily": "unix", "description": "This update of freetype2 fixes multiple security flaws that\n could allow attackers to cause a denial of service or to\n execute arbitrary code via specially crafted fonts\n (CVE-2011-3256, CVE-2011-3439, CVE-2011-2895).\n", "modified": "2011-12-08T05:08:24", "published": "2011-12-08T05:08:24", "id": "SUSE-SU-2011:1306-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00007.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:04", "bulletinFamily": "unix", "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could have been exploited for\n remote code execution.\n", "modified": "2012-04-23T18:08:18", "published": "2012-04-23T18:08:18", "id": "SUSE-SU-2012:0553-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00020.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "description": "X.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon. These xorg-x11 packages also provide the\nX.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which contain\na backported patch to resolve this issue. All running X.Org server\ninstances must be restarted for the update to take effect.\n", "modified": "2017-09-08T11:56:14", "published": "2011-08-11T04:00:00", "id": "RHSA-2011:1155", "href": "https://access.redhat.com/errata/RHSA-2011:1155", "type": "redhat", "title": "(RHSA-2011:1155) Important: xorg-x11 security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:35", "bulletinFamily": "unix", "description": "The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. 
All running X.Org server instances\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:18", "published": "2011-08-11T04:00:00", "id": "RHSA-2011:1154", "href": "https://access.redhat.com/errata/RHSA-2011:1154", "type": "redhat", "title": "(RHSA-2011:1154) Important: libXfont security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:47", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nA buffer overflow flaw was found in the way the FreeType library handled\nmalformed font files compressed using UNIX compress. If a user loaded a\nspecially-crafted compressed font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2011-2895)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.\n", "modified": "2017-09-08T11:55:53", "published": "2011-08-15T04:00:00", "id": "RHSA-2011:1161", "href": "https://access.redhat.com/errata/RHSA-2011:1161", "type": "redhat", "title": "(RHSA-2011:1161) Moderate: freetype security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "description": "The libXfont packages provide the X.Org libXfont runtime library. 
X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T12:17:01", "published": "2011-12-19T05:00:00", "id": "RHSA-2011:1834", "href": "https://access.redhat.com/errata/RHSA-2011:1834", "type": "redhat", "title": "(RHSA-2011:1834) Important: libXfont security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "unix", "description": "\nTomas Hoger reports:\n\nThe compress/ LZW decompress implementation does not correctly\n\t handle compressed streams that contain code words that were not\n\t yet added to the decompression table. This may lead to\n\t arbitrary memory corruption. 
Successful exploitation may\n\t possibly lead to a local privilege escalation.\n\n", "modified": "2012-03-13T00:00:00", "published": "2011-07-26T00:00:00", "id": "304409C3-C3EF-11E0-8AA5-485D60CB5385", "href": "https://vuxml.freebsd.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html", "title": "libXfont -- possible local privilege escalation", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "unix", "description": "\n\nProblem Description:\nThe code used to decompress a file created by compress(1) does not\n\t do sufficient boundary checks on compressed code words, allowing\n\t reference beyond the decompression table, which may result in a\n\t stack overflow or an infinite loop when the decompressor encounters\n\t a corrupted file.\n\n", "modified": "2011-09-28T00:00:00", "published": "2011-09-28T00:00:00", "id": "FEE94342-4638-11E1-9F47-00E0815B8DA8", "href": "https://vuxml.freebsd.org/freebsd/fee94342-4638-11e1-9f47-00e0815b8da8.html", "title": "FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "description": "Memory corruption on compressed font parsing.", "modified": "2013-08-17T00:00:00", "published": "2013-08-17T00:00:00", "id": "SECURITYVULNS:VULN:11864", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11864", "title": "libXfont memory corruption", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1191-1\r\nAugust 15, 2011\r\n\r\nlibxfont 
vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nlibXfont could be made to run programs as an administrator if it opened a\r\nspecially crafted file.\r\n\r\nSoftware Description:\r\n- libxfont: X11 font rasterisation library\r\n\r\nDetails:\r\n\r\nTomas Hoger discovered that libXfont incorrectly handled certain malformed\r\ncompressed fonts. An attacker could use a specially crafted font file to\r\ncause libXfont to crash, or possibly execute arbitrary code in order to\r\ngain privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libxfont1 1:1.4.3-2ubuntu0.1\r\n\r\nUbuntu 10.10:\r\n libxfont1 1:1.4.2-1ubuntu0.1\r\n\r\nUbuntu 10.04 LTS:\r\n libxfont1 1:1.4.1-1ubuntu0.1\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1191-1\r\n CVE-2011-2895\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.3-2ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.2-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.1\r\n\r\n", "modified": "2011-08-17T00:00:00", "published": "2011-08-17T00:00:00", "id": "SECURITYVULNS:DOC:26853", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26853", "title": "[USN-1191-1] libXfont vulnerability", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "description": "Multiple vulnerabilities in different subsystems.", "modified": "2012-08-20T00:00:00", "published": "2012-08-20T00:00:00", "id": 
"SECURITYVULNS:VULN:12518", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12518", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:43", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 is now available and\r\naddresses the following:\r\n\r\nAddress Book\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker in a privileged network position may intercept\r\nCardDAV data\r\nDescription: Address Book supports Secure Sockets Layer (SSL) for\r\naccessing CardDAV. A downgrade issue caused Address Book to attempt\r\nan unencrypted connection if an encrypted connection failed. An\r\nattacker in a privileged network position could abuse this behavior\r\nto intercept CardDAV data. This issue is addressed by not downgrading\r\nto an unencrypted connection without user approval.\r\nCVE-ID\r\nCVE-2011-3444 : Bernard Desruisseaux of Oracle Corporation\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.21 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. 
Further information is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-3348\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nApache disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by providing a configuration\r\nparameter to control the countermeasure and enabling it by default.\r\nCVE-ID\r\nCVE-2011-3389\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nthe request to an incorrect origin server. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. When accessing a maliciously crafted URL, CFNetwork could send\r\nunexpected request headers. 
This issue does not affect systems prior\r\nto OS X Lion.\r\nCVE-ID\r\nCVE-2011-3447 : Erling Ellingsen of Facebook\r\n\r\nColorSync\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted image with an embedded\r\nColorSync profile may lead to an unexpected application termination\r\nor arbitrary code execution\r\nDescription: An integer overflow existed in the handling of images\r\nwith an embedded ColorSync profile, which may lead to a heap buffer\r\noverflow. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-0200 : binaryproof working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreAudio\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Playing maliciously crafted audio content may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of AAC\r\nencoded audio streams. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3252 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in CoreMedia's handling\r\nof H.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3448 : Scott Stender of iSEC Partners\r\n\r\nCoreText\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to an unexpected application\r\ntermination or arbitrary code execution\r\nDescription: A use after free issue existed in the handling of font\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3449 : Will Dormann of the 
CERT/CC\r\n\r\nCoreUI\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a malicious website may lead to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: An unbounded stack allocation issue existed in the\r\nhandling of long URLs. This issue does not affect systems prior to OS\r\nX Lion.\r\nCVE-ID\r\nCVE-2011-3450 : Ben Syverson\r\n\r\ncurl\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote server may be able to impersonate clients via\r\nGSSAPI requests\r\nDescription: When doing GSSAPI authentication, libcurl\r\nunconditionally performs credential delegation. This issue is\r\naddressed by disabling GSSAPI credential delegation.\r\nCVE-ID\r\nCVE-2011-2192\r\n\r\nData Security\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker with a privileged network position may intercept\r\nuser credentials or other sensitive information\r\nDescription: Two certificate authorities in the list of trusted root\r\ncertificates have independently issued intermediate certificates to\r\nDigiCert Malaysia. DigiCert Malaysia has issued certificates with\r\nweak keys that it is unable to revoke. An attacker with a privileged\r\nnetwork position could intercept user credentials or other sensitive\r\ninformation intended for a site with a certificate issued by DigiCert\r\nMalaysia. This issue is addressed by configuring default system trust\r\nsettings so that DigiCert Malaysia's certificates are not trusted. We\r\nwould like to acknowledge Bruce Morton of Entrust, Inc. 
for reporting\r\nthis issue.\r\n\r\ndovecot\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.\r\nDovecot disabled the 'empty fragment' countermeasure which prevented\r\nthese attacks. This issue is addressed by enabling the\r\ncountermeasure.\r\nCVE-ID\r\nCVE-2011-3389 : Apple\r\n\r\nfilecmds\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Decompressing a maliciously crafted compressed file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the 'uncompress' command\r\nline tool.\r\nCVE-ID\r\nCVE-2011-2895\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in ImageIO's handling of\r\nCCITT Group 4 encoded TIFF files. This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0241 : Cyril CATTIAUX of Tessi Technologies\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of\r\nThunderScan encoded TIFF images. 
This issue is address by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nInternet Sharing\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A Wi-Fi network created by Internet Sharing may lose\r\nsecurity settings after a system update\r\nDescription: After updating to a version of OS X Lion prior to\r\n10.7.3, the Wi-Fi configuration used by Internet Sharing may revert\r\nto factory defaults, which disables the WEP password. This issue only\r\naffects systems with Internet Sharing enabled and sharing the\r\nconnection to Wi-Fi. This issue is addressed by preserving the Wi-Fi\r\nconfiguration during a system update.\r\nCVE-ID\r\nCVE-2011-3452 : an anonymous researcher\r\n\r\nLibinfo\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in Libinfo's handling of hostname\r\nlookup requests. Libinfo could return incorrect results for a\r\nmaliciously crafted hostname. 
This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3441 : Erling Ellingsen of Facebook\r\n\r\nlibresolv\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's libresolv library may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow existed in the parsing of DNS\r\nresource records, which may lead to heap memory corruption.\r\nCVE-ID\r\nCVE-2011-3453 : Ilja van Sprundel of IOActive\r\n\r\nlibsecurity\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Some EV certificates may be trusted even if the\r\ncorresponding root has been marked as untrusted\r\nDescription: The certificate code trusted a root certificate to sign\r\nEV certificates if it was on the list of known EV issuers, even if\r\nthe user had marked it as 'Never Trust' in Keychain. 
The root would\r\nnot be trusted to sign non-EV certificates.\r\nCVE-ID\r\nCVE-2011-3422 : Alastair Houghton\r\n\r\nOpenGL\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Applications that use OS X's OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in PHP 5.3.6\r\nDescription: PHP is updated to version 5.3.8 to address several\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the PHP web site at\r\nhttp://www.php.net\r\nCVE-ID\r\nCVE-2011-1148\r\nCVE-2011-1657\r\nCVE-2011-1938\r\nCVE-2011-2202\r\nCVE-2011-2483\r\nCVE-2011-3182\r\nCVE-2011-3189\r\nCVE-2011-3267\r\nCVE-2011-3268\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. 
Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Multiple vulnerabilities in libpng 1.5.4\r\nDescription: libpng is updated to version 1.5.5 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-3328\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Opening a maliciously crafted MP4 encoded file may lead to\r\nan unexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of MP4 encoded files.\r\nCVE-ID\r\nCVE-2011-3458 : Luigi Auriemma and pa_kt both working with\r\nTippingPoint's Zero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in the handling of font\r\ntables embedded in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3248 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An off by one buffer overflow existed in the handling\r\nof rdrf atoms in QuickTime movie files.\r\nCVE-ID\r\nCVE-2011-3459 : Luigi 
Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted JPEG2000 image file may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of JPEG2000\r\nfiles.\r\nCVE-ID\r\nCVE-2011-3250 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Processing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of PNG files.\r\nCVE-ID\r\nCVE-2011-3460 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of FLC\r\nencoded movie files\r\nCVE-ID\r\nCVE-2011-3249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSquirrelMail\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in SquirrelMail\r\nDescription: SquirrelMail is updated to version 1.4.22 to address\r\nseveral vulnerabilities, the most serious of which is a cross-site\r\nscripting issue. 
This issue does not affect OS X Lion systems.\r\nFurther information is available via the SquirrelMail web site at\r\nhttp://www.SquirrelMail.org/\r\nCVE-ID\r\nCVE-2010-1637\r\nCVE-2010-2813\r\nCVE-2010-4554\r\nCVE-2010-4555\r\nCVE-2011-2023\r\n\r\nSubversion\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Accessing a Subversion repository may lead to the disclosure\r\nof sensitive information\r\nDescription: Subversion is updated to version 1.6.17 to address\r\nmultiple vulnerabilities, the most serious of which may lead to the\r\ndisclosure of sensitive information. Further information is available\r\nvia the Subversion web site at http://subversion.tigris.org/\r\nCVE-ID\r\nCVE-2011-1752\r\nCVE-2011-1783\r\nCVE-2011-1921\r\n\r\nTime Machine\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: A remote attacker may access new backups created by the\r\nuser's system\r\nDescription: The user may designate a remote AFP volume or Time\r\nCapsule to be used for Time Machine backups. Time Machine did not\r\nverify that the same device was being used for subsequent backup\r\noperations. An attacker who is able to spoof the remote volume could\r\ngain access to new backups created by the user's system. This issue\r\nis addressed by verifying the unique identifier associated with a\r\ndisk for backup operations.\r\nCVE-ID\r\nCVE-2011-3462 : Michael Roitzsch of the Technische Universitat\r\nDresden\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.32\r\nDescription: Tomcat is updated to version 6.0.33 to address multiple\r\nvulnerabilities, the most serious of which may lead to the disclosure\r\nof sensitive information. Tomcat is only provided on Mac OS X Server\r\nsystems. This issue does not affect OS X Lion systems. 
Further\r\ninformation is available via the Tomcat site at\r\nhttp://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2011-2204\r\n\r\nWebDAV Sharing\r\nAvailable for: OS X Lion Server v10.7 to v10.7.2\r\nImpact: Local users may obtain system privileges\r\nDescription: An issue existed in WebDAV Sharing's handling of user\r\nauthentication. A user with a valid account on the server or one of\r\nits bound directories could cause the execution of arbitrary code\r\nwith system privileges. This issue does not affect systems prior to\r\nOS X Lion.\r\nCVE-ID\r\nCVE-2011-3463 : Gordon Davisson of Crywolf\r\n\r\nWebmail\r\nAvailable for: OS X Lion v10.7 to v10.7.2,\r\nOS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted e-mail message may lead to the\r\ndisclosure of message content\r\nDescription: A cross-site scripting vulnerability existed in the\r\nhandling of mail messages. This issue is addressed by updating\r\nRoundcube Webmail to version 0.6. This issue does not affect systems\r\nprior to OS X Lion. Further information is available via the\r\nRoundcube site at http://trac.roundcube.net/\r\nCVE-ID\r\nCVE-2011-2937\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 to v10.7.2, OS X Lion Server v10.7 to v10.7.2\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in FreeType's\r\nhandling of Type 1 fonts. This issue is addressed by updating\r\nFreeType to version 2.4.7. 
Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-3256 : Apple\r\n\r\nOS X Lion v10.7.3 and Security Update 2012-001 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2021-001 or OS X v10.7.3.\r\n\r\nFor OS X Lion v10.7.2\r\nThe download file is named: MacOSXUpd10.7.3.dmg\r\nIts SHA-1 digest is: 7102fe8f9f47286c45dfa35f6e84e7f730493a7c\r\n\r\nFor OS X Lion v10.7 and v10.7.1\r\nThe download file is named: MacOSXUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 07dfce300f6801eb63d9ac13e0bec84e1862a16c\r\n\r\nFor OS X Lion Server v10.7.2\r\nThe download file is named: MacOSXServerUpd10.7.3.dmg\r\nIts SHA-1 digest is: 55a9571635d4ec088c142d68132d0d69fcb8867d\r\n\r\nFor OS X Lion Server v10.7 and v10.7.1\r\nThe download file is named: MacOSXServerUpdCombo10.7.3.dmg\r\nIts SHA-1 digest is: 2c87824f09734499ea166ea0617a3ac21ecf832b\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2012-001Snow.dmg\r\nIts SHA-1 digest is: 40875ee8cb609bbaefc8f421a9c34cc353db42b8\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2012-001.dmg\r\nIts SHA-1 digest is: 53b3ca5548001a9920aeabed4a034c6e4657fe20\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 
(Darwin)\r\n\r\niQEcBAEBAgAGBQJPKYxNAAoJEGnF2JsdZQeeLiIIAMLhH2ipDFrhCsw/n4VDeF1V\r\nP6jSkGXC9tBBVMvw1Xq4c2ok4SI34bDfMlURAVR+dde/h6nIZR24aLQVoDLjJuIp\r\nRrO2dm1nQeozLJSx2NbxhVh54BucJdKp4xS1GkDNxkqcdh04RE9hRURXdKagnfGy\r\n9P8QQPOQmKAiWos/LYhCPDInMfrpVNvEVwP8MCDP15g6hylN4De/Oyt7ZshPshSf\r\nMnAFObfBTGX5KioVqTyfdlBkKUfdXHJux61QEFHn8eadX6+/6IuKbUvK9B0icc8E\r\npvbjOxQatFRps0KNWeIsKQc5i6iQoJhocAiIy6Y6LCuZQuSXCImY2RWXkVYzbWo=\r\n=c1eU\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2012-02-03T00:00:00", "published": "2012-02-03T00:00:00", "id": "SECURITYVULNS:DOC:27600", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27600", "title": "APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-27T10:55:17", "bulletinFamily": "scanner", "description": "Check for the Version of freetype", "modified": "2017-07-12T00:00:00", "published": "2011-08-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870467", "id": "OPENVAS:870467", "title": "RedHat Update for freetype RHSA-2011:1161-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2011:1161-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n A buffer overflow flaw was found in the way the FreeType library handled\n malformed font files compressed using UNIX compress. If a user loaded a\n specially-crafted compressed font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2011-2895)\n \n Note: This issue only affects the FreeType 2 font engine.\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. 
The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00011.html\");\n script_id(870467);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1161-01\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"RedHat Update for freetype RHSA-2011:1161-01\");\n\n script_summary(\"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:52", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310870465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870465", "title": "RedHat Update for libXfont RHSA-2011:1154-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libXfont RHSA-2011:1154-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00007.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870465\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1154-01\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"RedHat Update for libXfont RHSA-2011:1154-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libXfont'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"libXfont on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The libXfont packages provide the X.Org libXfont runtime library. 
X.Org is\n an open source implementation of the X Window System.\n\n A buffer overflow flaw was found in the way the libXfont library, used by\n the X.Org server, handled malformed font files compressed using UNIX\n compress. A malicious, local user could exploit this issue to potentially\n execute arbitrary code with the privileges of the X.Org server.\n (CVE-2011-2895)\n\n Users of libXfont should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All running X.Org server instances\n must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.2.2~1.0.4.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-debuginfo\", rpm:\"libXfont-debuginfo~1.2.2~1.0.4.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.2.2~1.0.4.el5_7\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update to libxfont\nannounced via advisory DSA 2293-1.", "modified": "2019-03-18T00:00:00", "published": "2011-09-21T00:00:00", "id": "OPENVAS:136141256231070229", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070229", "title": "Debian Security Advisory DSA 2293-1 (libxfont)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2293_1.nasl 14275 
2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2293-1 (libxfont)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70229\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-21 05:47:11 +0200 (Wed, 21 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"Debian Security Advisory DSA 2293-1 (libxfont)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202293-1\");\n script_tag(name:\"insight\", value:\"Tomas Hoger found a buffer overflow in the X.Org libXfont library,\nwhich may allow for a local privilege escalation through crafted\nfont files.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.3-2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.1-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your libxfont packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libxfont\nannounced via advisory DSA 2293-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.3.3-2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.3.3-2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.3.3-2\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.1-3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.1-3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.1-3\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1-udeb\", ver:\"1:1.4.1-2\", 
rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'libXfont' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-09-23T00:00:00", "id": "OPENVAS:1361412562310880993", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880993", "title": "CentOS Update for libXfont CESA-2011:1154 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libXfont CESA-2011:1154 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-September/017882.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880993\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1154\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"CentOS Update for libXfont CESA-2011:1154 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libXfont'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"libXfont on CentOS 5\");\n script_tag(name:\"insight\", value:\"The libXfont packages provide the X.Org libXfont runtime library. X.Org is\n an open source implementation of the X Window System.\n\n A buffer overflow flaw was found in the way the libXfont library, used by\n the X.Org server, handled malformed font files compressed using UNIX\n compress. 
A malicious, local user could exploit this issue to potentially\n execute arbitrary code with the privileges of the X.Org server.\n (CVE-2011-2895)\n\n Users of libXfont should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. All running X.Org server instances\n must be restarted for the update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.2.2~1.0.4.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.2.2~1.0.4.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:34", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1191-1", "modified": "2017-12-01T00:00:00", "published": "2011-08-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840721", "id": "OPENVAS:840721", "title": "Ubuntu Update for libxfont USN-1191-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1191_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libxfont USN-1191-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the 
terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Tomas Hoger discovered that libXfont incorrectly handled certain malformed\n compressed fonts. An attacker could use a specially crafted font file to\n cause libXfont to crash, or possibly execute arbitrary code in order to\n gain privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1191-1\";\ntag_affected = \"libxfont on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1191-1/\");\n script_id(840721);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1191-1\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"Ubuntu Update for libxfont USN-1191-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.2-1ubuntu0.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.1-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.3-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'freetype' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2011-08-18T00:00:00", "id": "OPENVAS:1361412562310870467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870467", "title": "RedHat Update for freetype RHSA-2011:1161-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability
Test\n#\n# RedHat Update for freetype RHSA-2011:1161-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-August/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870467\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1161-01\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"RedHat Update for freetype RHSA-2011:1161-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"freetype on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n A buffer overflow flaw was found in the way the FreeType library handled\n malformed font files compressed using UNIX compress. If a user loaded a\n specially-crafted compressed font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2011-2895)\n\n Note: This issue only affects the FreeType 2 font engine.\n\n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. 
The X server must be restarted (log\n out, then log back in) for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~19.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:21", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-1154", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122111", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122111", "title": "Oracle Linux Local Check: ELSA-2011-1154", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1154.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# 
Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122111\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:18 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1154\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1154 - libXfont security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1154\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1154.html\");\n script_cve_id(\"CVE-2011-2895\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.2.2~1.0.4.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.2.2~1.0.4.el5_7\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.1~2.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.4.1~2.el6_1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:56:57", "bulletinFamily": "scanner", "description": "Check for 
the Version of freetype", "modified": "2018-01-01T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881438", "id": "OPENVAS:881438", "title": "CentOS Update for freetype CESA-2011:1161 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2011:1161 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"FreeType is a free, high-quality, portable font engine that can open and\n manage font files. It also loads, hints, and renders individual glyphs\n efficiently. These packages provide both the FreeType 1 and FreeType 2 font\n engines.\n\n A buffer overflow flaw was found in the way the FreeType library handled\n malformed font files compressed using UNIX compress. 
If a user loaded a\n specially-crafted compressed font file with an application linked against\n FreeType, it could cause the application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2011-2895)\n \n Note: This issue only affects the FreeType 2 font engine.\n \n Users are advised to upgrade to these updated packages, which contain a\n backported patch to correct this issue. The X server must be restarted (log\n out, then log back in) for this update to take effect.\";\n\ntag_affected = \"freetype on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-August/017691.html\");\n script_id(881438);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:52:11 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2895\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1161\");\n script_name(\"CentOS Update for freetype CESA-2011:1161 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.1.9~19.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.1.9~19.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.1.9~19.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-utils\", rpm:\"freetype-utils~2.1.9~19.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:44", "bulletinFamily": "scanner", "description": "Check for the Version of libXfont", "modified": "2017-07-10T00:00:00", "published": "2011-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880993", "id": "OPENVAS:880993", "title": "CentOS Update for libXfont CESA-2011:1154 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libXfont CESA-2011:1154 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied 
warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The libXfont packages provide the X.Org libXfont runtime library. X.Org is\n an open source implementation of the X Window System.\n\n A buffer overflow flaw was found in the way the libXfont library, used by\n the X.Org server, handled malformed font files compressed using UNIX\n compress. A malicious, local user could exploit this issue to potentially\n execute arbitrary code with the privileges of the X.Org server.\n (CVE-2011-2895)\n \n Users of libXfont should upgrade to these updated packages, which contain a\n backported patch to resolve this issue. 
All running X.Org server instances\n must be restarted for the update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libXfont on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-September/017882.html\");\n script_id(880993);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-23 16:39:49 +0200 (Fri, 23 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1154\");\n script_cve_id(\"CVE-2011-2895\");\n script_name(\"CentOS Update for libXfont CESA-2011:1154 centos5 i386\");\n\n script_summary(\"Check for the Version of libXfont\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.2.2~1.0.4.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.2.2~1.0.4.el5_7\", rls:\"CentOS5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:13:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-11:04.compress.asc", "modified": "2017-02-25T00:00:00", "published": "2011-10-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70415", "id": "OPENVAS:70415", "title": "FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)", "type": "openvas", "sourceData": "#\n#ADV FreeBSD-SA-11:04.compress.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from ADV FreeBSD-SA-11:04.compress.asc\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_insight = \"The compress utility reduces the size of files using adaptive Lempel-Ziv\ncoding, or LZW coding, a lossless data compression algorithm.\n\nBoth compress(1) and gzip(1) uses code derived from 4.3BSD compress(1).\n\nThe code used to decompress a file created by compress(1) does not do\nsufficient boundary checks on compressed code words, allowing reference\nbeyond the decompression table, which may result in a stack overflow or\nan infinite loop when the decompressor encounters a corrupted file.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-11:04.compress.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-11:04.compress.asc\";\n\n\nif(description)\n{\n script_id(70415);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-16 23:01:53 +0200 (Sun, 16 Oct 2011)\");\n script_cve_id(\"CVE-2011-2895\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Security Advisory (FreeBSD-SA-11:04.compress.asc)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"7.4\", patchlevel:\"3\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"7.3\", patchlevel:\"7\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"8.2\", patchlevel:\"3\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"8.1\", patchlevel:\"5\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-08-22T02:26:28", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2293-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nAugust 12, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxfont\nVulnerability : buffer overflow\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2011-2895 \n\nTomas Hoger found a buffer overflow in the X.Org libXfont library,\nwhich may allow for a local privilege escalation through crafted\nfont files.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.3-2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.1-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.\n\nWe recommend that you upgrade your libxfont packages.\n\nFurther information about 
Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-08-12T14:15:46", "published": "2011-08-12T14:15:46", "id": "DEBIAN:DSA-2293-1:771F2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00167.html", "title": "[SECURITY] [DSA 2293-1] libxfont security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "description": "[1.4.1-2]\n- cve-2011-2895.patch: LZW decompression heap corruption", "modified": "2011-08-11T00:00:00", "published": "2011-08-11T00:00:00", "id": "ELSA-2011-1154", "href": "http://linux.oracle.com/errata/ELSA-2011-1154.html", "title": "libXfont security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:38", "bulletinFamily": "unix", "description": "[2.1.9-19.el4]\n- Add freetype-2.1.9-CVE-2011-2895.patch\n (Prevent stackp to overflow.)\n- Resolves: #729317", "modified": "2011-08-15T00:00:00", "published": "2011-08-15T00:00:00", "id": "ELSA-2011-1161", "href": "http://linux.oracle.com/errata/ELSA-2011-1161.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "unix", "description": "[6.8.2-1.0.1.EL.69]\n- Add Enterprise Linux detection\n- Add XFree86-4.3.0-oracle-bug-report-address-update.patch\n[6.8.2-1.EL.69]\n- cve-2011-2895.patch: Prevent heap corruption/infinite loop (#725760)", "modified": "2011-08-12T00:00:00", "published": "2011-08-12T00:00:00", "id": "ELSA-2011-1155", "href": "http://linux.oracle.com/errata/ELSA-2011-1155.html", "title": "xorg-x11 security update", "type": "oraclelinux", "cvss": 
{"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-03T12:17:43", "bulletinFamily": "scanner", "description": "Specially crafted font files could cause a buffer overflow in\napplications that use libXfont to load such files (CVE-2011-2895).", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_4_LIBPCIACCESS0-110905.NASL", "href": "https://www.tenable.com/plugins/nessus/75910", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libpciaccess0 (openSUSE-SU-2011:1299-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpciaccess0-5102.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75910);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-2895\");\n\n script_name(english:\"openSUSE Security Update : libpciaccess0 (openSUSE-SU-2011:1299-1)\");\n script_summary(english:\"Check for the libpciaccess0-5102 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could cause a buffer overflow in\napplications that use libXfont to load such files (CVE-2011-2895).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpciaccess0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpciaccess0-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpciaccess0-debuginfo-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libpciaccess0-devel-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xorg-x11-devel-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xorg-x11-libs-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xorg-x11-libs-debuginfo-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"xorg-x11-libs-debugsource-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpciaccess0-32bit-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libpciaccess0-debuginfo-32bit-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"xorg-x11-devel-32bit-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
cpu:\"x86_64\", reference:\"xorg-x11-libs-32bit-7.6-17.18.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"xorg-x11-libs-debuginfo-32bit-7.6-17.18.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpciaccess0 / libpciaccess0-32bit / libpciaccess0-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:17:39", "bulletinFamily": "scanner", "description": "Specially crafted font files could cause a buffer overflow in\napplications that use libXfont to load such files (CVE-2011-2895).", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_3_LIBPCIACCESS0-110905.NASL", "href": "https://www.tenable.com/plugins/nessus/75600", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libpciaccess0 (openSUSE-SU-2011:1299-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpciaccess0-5102.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75600);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:41\");\n\n script_cve_id(\"CVE-2011-2895\");\n\n script_name(english:\"openSUSE Security Update : libpciaccess0 (openSUSE-SU-2011:1299-1)\");\n script_summary(english:\"Check for the libpciaccess0-5102 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could cause a buffer overflow in\napplications that use libXfont to load 
such files (CVE-2011-2895).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-12/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpciaccess0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpciaccess0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpciaccess0-7.5-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libpciaccess0-devel-7.5-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"xorg-x11-devel-7.5-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"xorg-x11-libs-7.5-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libpciaccess0-32bit-7.5-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"xorg-x11-devel-32bit-7.5-4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"xorg-x11-libs-32bit-7.5-4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpciaccess0 / libpciaccess0-32bit / libpciaccess0-devel / etc\");\n}\n", "cvss": {"score": 9.3, 
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:30:13", "bulletinFamily": "scanner", "description": "The following bug has been fixed :\n\n - Specially crafted font files could have caused a buffer\n overflow in applications that use libXfont to load such\n files. (CVE-2011-2895)", "modified": "2019-11-02T00:00:00", "id": "SUSE_XORG-X11-7759.NASL", "href": "https://www.tenable.com/plugins/nessus/57269", "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : Xorg-X11 (ZYPP Patch Number 7759)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57269);\n script_version (\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:44\");\n\n script_cve_id(\"CVE-2011-2895\");\n\n script_name(english:\"SuSE 10 Security Update : Xorg-X11 (ZYPP Patch Number 7759)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following bug has been fixed :\n\n - Specially crafted font files could have caused a buffer\n overflow in applications that use libXfont to load such\n files. 
(CVE-2011-2895)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2895.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7759.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-Xnest-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-Xvfb-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, 
reference:\"xorg-x11-Xvnc-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-devel-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-fonts-100dpi-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-fonts-75dpi-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-fonts-cyrillic-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-fonts-scalable-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-fonts-syriac-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-libs-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-man-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-server-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"xorg-x11-server-glx-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"xorg-x11-devel-32bit-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"xorg-x11-libs-32bit-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-Xnest-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-Xvfb-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-Xvnc-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-devel-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-doc-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-fonts-100dpi-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, 
reference:\"xorg-x11-fonts-75dpi-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-fonts-cyrillic-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-fonts-scalable-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-fonts-syriac-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-libs-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-man-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-sdk-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-server-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"xorg-x11-server-glx-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"xorg-x11-devel-32bit-6.9.0-50.76.4\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"xorg-x11-libs-32bit-6.9.0-50.76.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:12:54", "bulletinFamily": "scanner", "description": "The libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running X.Org\nserver instances must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "SL_20110811_LIBXFONT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61108", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libXfont on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61108);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:20\");\n\n script_cve_id(\"CVE-2011-2895\");\n\n script_name(english:\"Scientific Linux Security Update : libXfont on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=1404\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?110fac37\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXfont and / or libXfont-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libXfont-1.2.2-1.0.4.el5_7\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"libXfont-devel-1.2.2-1.0.4.el5_7\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"libXfont-1.4.1-2.el6_1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libXfont-devel-1.4.1-2.el6_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:14:19", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:1155 :\n\nUpdated xorg-x11 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon. These xorg-x11 packages also\nprovide the X.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running X.Org\nserver instances must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2011-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/68323", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : xorg-x11 (ELSA-2011-1155)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1155 and \n# Oracle Linux Security Advisory ELSA-2011-1155 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68323);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"RHSA\", value:\"2011:1155\");\n\n script_name(english:\"Oracle Linux 4 : xorg-x11 (ELSA-2011-1155)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1155 :\n\nUpdated xorg-x11 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon. 
These xorg-x11 packages also\nprovide the X.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-August/002277.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-Mesa-libGL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-Mesa-libGLU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-deprecated-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-deprecated-libs-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-font-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-twm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-xauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-xdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-Mesa-libGL-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-Mesa-libGLU-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-Xdmx-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-Xnest-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-Xvfb-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", 
reference:\"xorg-x11-deprecated-libs-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-deprecated-libs-devel-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-devel-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-doc-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-font-utils-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-libs-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-sdk-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-tools-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-twm-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-xauth-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-xdm-6.8.2-1.0.1.EL.69\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"xorg-x11-xfs-6.8.2-1.0.1.EL.69\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:12:54", "bulletinFamily": "scanner", "description": "X.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon. These xorg-x11 packages also\nprovide the X.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. 
A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "SL_20110811_XORG_X11_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61109", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61109);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:20\");\n\n script_cve_id(\"CVE-2011-2895\");\n\n script_name(english:\"Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"X.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon. These xorg-x11 packages also\nprovide the X.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1108&L=scientific-linux-errata&T=0&P=1537\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22cfcd5c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", 
reference:\"xorg-x11-Mesa-libGL-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-Mesa-libGLU-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-Xdmx-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-Xnest-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-Xvfb-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-deprecated-libs-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-devel-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-doc-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-font-utils-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-libs-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-sdk-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-tools-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-twm-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-xauth-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-xdm-6.8.2-1.EL.69\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"xorg-x11-xfs-6.8.2-1.EL.69\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:21:09", "bulletinFamily": "scanner", "description": "Tomas Hoger found a buffer overflow in the X.Org libXfont library,\nwhich may allow for a local privilege escalation through crafted font\nfiles.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-2293.NASL", "href": 
"https://www.tenable.com/plugins/nessus/55841", "published": "2011-08-15T00:00:00", "title": "Debian DSA-2293-1 : libxfont - buffer overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2293. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55841);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"DSA\", value:\"2293\");\n\n script_name(english:\"Debian DSA-2293-1 : libxfont - buffer overflow\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomas Hoger found a buffer overflow in the X.Org libXfont library,\nwhich may allow for a local privilege escalation through crafted font\nfiles.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libxfont\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2293\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxfont packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.3-2.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.1-3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libxfont\", reference:\"1.3.3-2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont-dev\", reference:\"1.4.1-3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont1\", reference:\"1.4.1-3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont1-dbg\", reference:\"1.4.1-3\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont1-udeb\", reference:\"1.4.1-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T02:37:23", 
"bulletinFamily": "scanner", "description": "Tomas Hoger reports :\n\nThe compress/ LZW decompress implementation does not correctly handle\ncompressed streams that contain code words that were not yet added to\nthe decompression table. This may lead to arbitrary memory corruption.\nSuccessful exploitation may possibly lead to a local privilege\nescalation.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_304409C3C3EF11E08AA5485D60CB5385.NASL", "href": "https://www.tenable.com/plugins/nessus/55821", "published": "2011-08-12T00:00:00", "title": "FreeBSD : libXfont -- possible local privilege escalation (304409c3-c3ef-11e0-8aa5-485d60cb5385)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55821);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/08/02 13:32:40\");\n\n script_cve_id(\"CVE-2011-2895\");\n\n script_name(english:\"FreeBSD : libXfont -- possible local privilege escalation (304409c3-c3ef-11e0-8aa5-485d60cb5385)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tomas Hoger reports :\n\nThe compress/ LZW decompress implentation does not correctly handle\ncompressed streams that contain code words that were not yet added to\nthe decompression table. 
This may lead to arbitrary memory corruption.\nSuccessfull exploitation may possible lead to a local privilege\nescalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725760\"\n );\n # https://vuxml.freebsd.org/freebsd/304409c3-c3ef-11e0-8aa5-485d60cb5385.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c65b61d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libXfont<1.4.4_1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:20:32", "bulletinFamily": "scanner", "description": "Updated libXfont packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running X.Org\nserver instances must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2011-1154.NASL", "href": "https://www.tenable.com/plugins/nessus/55824", "published": "2011-08-12T00:00:00", "title": "RHEL 5 / 6 : libXfont (RHSA-2011:1154)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1154. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55824);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"RHSA\", value:\"2011:1154\");\n\n script_name(english:\"RHEL 5 / 6 : libXfont (RHSA-2011:1154)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libXfont packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. 
(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1154\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libXfont, libXfont-debuginfo and / or\nlibXfont-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libXfont-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1154\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"libXfont-1.2.2-1.0.4.el5_7\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"libXfont-devel-1.2.2-1.0.4.el5_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", 
reference:\"libXfont-1.4.1-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libXfont-debuginfo-1.4.1-2.el6_1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libXfont-devel-1.4.1-2.el6_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont / libXfont-debuginfo / libXfont-devel\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:20:32", "bulletinFamily": "scanner", "description": "Updated xorg-x11 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon. These xorg-x11 packages also\nprovide the X.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running X.Org\nserver instances must be restarted for the update to take effect.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2011-1155.NASL", "href": "https://www.tenable.com/plugins/nessus/55825", "published": "2011-08-12T00:00:00", "title": "RHEL 4 : xorg-x11 (RHSA-2011:1155)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1155. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55825);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2011-2895\");\n script_bugtraq_id(49124);\n script_xref(name:\"RHSA\", value:\"2011:1155\");\n\n script_name(english:\"RHEL 4 : xorg-x11 (RHSA-2011:1155)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon. These xorg-x11 packages also\nprovide the X.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used\nby the X.Org server, handled malformed font files compressed using\nUNIX compress. 
A malicious, local user could exploit this issue to\npotentially execute arbitrary code with the privileges of the X.Org\nserver. (CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1155\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Mesa-libGLU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-deprecated-libs-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-font-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-twm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xauth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xdm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-xfs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1155\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-Mesa-libGL-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-Mesa-libGLU-6.8.2-1.EL.69\")) flag++;\n if 
(rpm_check(release:\"RHEL4\", reference:\"xorg-x11-Xdmx-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-Xnest-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-Xvfb-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-deprecated-libs-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-deprecated-libs-devel-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-devel-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"xorg-x11-doc-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"xorg-x11-doc-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-font-utils-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-libs-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"xorg-x11-sdk-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"xorg-x11-sdk-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-tools-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-twm-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-xauth-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-xdm-6.8.2-1.EL.69\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"xorg-x11-xfs-6.8.2-1.EL.69\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11 / xorg-x11-Mesa-libGL / xorg-x11-Mesa-libGLU / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:46", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1155\n\n\nX.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon. These xorg-x11 packages also provide the\nX.Org libXfont runtime library.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of xorg-x11 should upgrade to these updated packages, which contain\na backported patch to resolve this issue. All running X.Org server\ninstances must be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/017661.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/017662.html\n\n**Affected packages:**\nxorg-x11\nxorg-x11-Mesa-libGL\nxorg-x11-Mesa-libGLU\nxorg-x11-Xdmx\nxorg-x11-Xnest\nxorg-x11-Xvfb\nxorg-x11-deprecated-libs\nxorg-x11-deprecated-libs-devel\nxorg-x11-devel\nxorg-x11-doc\nxorg-x11-font-utils\nxorg-x11-libs\nxorg-x11-sdk\nxorg-x11-tools\nxorg-x11-twm\nxorg-x11-xauth\nxorg-x11-xdm\nxorg-x11-xfs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1155.html", "modified": "2011-08-14T16:11:36", "published": "2011-08-14T16:09:20", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/017661.html", "id": "CESA-2011:1155", "title": "xorg security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** 
CESA-2011:1161\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2 font\nengines.\n\nA buffer overflow flaw was found in the way the FreeType library handled\nmalformed font files compressed using UNIX compress. If a user loaded a\nspecially-crafted compressed font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2011-2895)\n\nNote: This issue only affects the FreeType 2 font engine.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/017690.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-August/017691.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1161.html", "modified": "2011-08-16T09:03:17", "published": "2011-08-16T09:02:42", "href": "http://lists.centos.org/pipermail/centos-announce/2011-August/017690.html", "id": "CESA-2011:1161", "title": "freetype security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:1154\n\n\nThe libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA buffer overflow flaw was found in the way the libXfont library, used by\nthe X.Org server, handled malformed font files compressed using UNIX\ncompress. 
A malicious, local user could exploit this issue to potentially\nexecute arbitrary code with the privileges of the X.Org server.\n(CVE-2011-2895)\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017882.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-September/017883.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000224.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2011-September/000225.html\n\n**Affected packages:**\nlibXfont\nlibXfont-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1154.html", "modified": "2011-09-22T06:00:54", "published": "2011-09-02T12:41:15", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000224.html", "id": "CESA-2011:1154", "title": "libXfont security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:01", "bulletinFamily": "unix", "description": "Tomas Hoger discovered that libXfont incorrectly handled certain malformed compressed fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.", "modified": "2011-08-15T00:00:00", "published": "2011-08-15T00:00:00", "id": "USN-1191-1", "href": "https://usn.ubuntu.com/1191-1/", "title": "libXfont vulnerability", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "description": "### Background\n\nlibXfont is an X11 font rasterisation library.\n\n### Description\n\nMultiple vulnerabilities have been discovered in libXfont. 
Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could use a specially crafted file to gain privileges or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libXfont users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/libXfont-1.4.7\"", "modified": "2014-02-21T00:00:00", "published": "2014-02-21T00:00:00", "id": "GLSA-201402-23", "href": "https://security.gentoo.org/glsa/201402-23", "type": "gentoo", "title": "libXfont: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}