Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:089)

2004-07-3100:00:00

www.tenable.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.5%

JSON

Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients.

As well, some bugs were fixed in XFree86 as released with Mandrake Linux 9.2, specifically a problem where X would freeze with a black screen at logout or shutdown with DRI enabled on certain ATI Radeon cards.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:089. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14071);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2003-0730");
  script_xref(name:"MDKSA", value:"2003:089");

  script_name(english:"Mandrake Linux Security Advisory : XFree86 (MDKSA-2003:089)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered by blexim(at)hush.com in the
font libraries of XFree86 version 4.3.0 and earlier. These bugs could
potentially lead to execution of arbitrary code or a DoS by a remote
user in any way that calls these functions, which are related to the
transfer and enumeration of fonts from font servers to clients.

As well, some bugs were fixed in XFree86 as released with Mandrake
Linux 9.2, specifically a problem where X would freeze with a black
screen at logout or shutdown with DRI enabled on certain ATI Radeon
cards."
  );
  # http://marc.theaimsgroup.com/?l=bugtraq&m=106229335312429&w=2
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?l=bugtraq&m=106229335312429&w=2"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:X11R6-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-cyrillic-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-glide-module");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-static-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-xfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"X11R6-contrib-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-100dpi-fonts-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-75dpi-fonts-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-Xnest-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-Xvfb-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-cyrillic-fonts-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-devel-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-doc-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-glide-module-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-libs-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-server-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-static-libs-4.2.1-3.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"XFree86-xfs-4.2.1-3.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"X11R6-contrib-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-100dpi-fonts-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-75dpi-fonts-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-Xnest-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-Xvfb-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-cyrillic-fonts-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-devel-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-doc-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-glide-module-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-libs-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-server-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-static-libs-4.3-8.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"XFree86-xfs-4.3-8.2mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxx11r6-contribp-cpe:/a:mandriva:linux:x11r6-contrib
mandrivalinuxxfree86p-cpe:/a:mandriva:linux:xfree86
mandrivalinuxxfree86-100dpi-fontsp-cpe:/a:mandriva:linux:xfree86-100dpi-fonts
mandrivalinuxxfree86-75dpi-fontsp-cpe:/a:mandriva:linux:xfree86-75dpi-fonts
mandrivalinuxxfree86-xnestp-cpe:/a:mandriva:linux:xfree86-xnest
mandrivalinuxxfree86-xvfbp-cpe:/a:mandriva:linux:xfree86-xvfb
mandrivalinuxxfree86-cyrillic-fontsp-cpe:/a:mandriva:linux:xfree86-cyrillic-fonts
mandrivalinuxxfree86-develp-cpe:/a:mandriva:linux:xfree86-devel
mandrivalinuxxfree86-docp-cpe:/a:mandriva:linux:xfree86-doc
mandrivalinuxxfree86-glide-modulep-cpe:/a:mandriva:linux:xfree86-glide-module

Vendor	Product	Version	CPE
mandriva	linux	x11r6-contrib	p-cpe:/a:mandriva:linux:x11r6-contrib
mandriva	linux	xfree86	p-cpe:/a:mandriva:linux:xfree86
mandriva	linux	xfree86-100dpi-fonts	p-cpe:/a:mandriva:linux:xfree86-100dpi-fonts
mandriva	linux	xfree86-75dpi-fonts	p-cpe:/a:mandriva:linux:xfree86-75dpi-fonts
mandriva	linux	xfree86-xnest	p-cpe:/a:mandriva:linux:xfree86-xnest
mandriva	linux	xfree86-xvfb	p-cpe:/a:mandriva:linux:xfree86-xvfb
mandriva	linux	xfree86-cyrillic-fonts	p-cpe:/a:mandriva:linux:xfree86-cyrillic-fonts
mandriva	linux	xfree86-devel	p-cpe:/a:mandriva:linux:xfree86-devel
mandriva	linux	xfree86-doc	p-cpe:/a:mandriva:linux:xfree86-doc
mandriva	linux	xfree86-glide-module	p-cpe:/a:mandriva:linux:xfree86-glide-module