Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2005-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-164.NASL
HistoryOct 05, 2005 - 12:00 a.m.

Mandrake Linux Security Advisory : XFree86 (MDKSA-2005:164)

2005-10-0500:00:00
This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
www.tenable.com
24

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON

A vulnerability was discovered in the pixmap allocation handling of the X server that can lead to local privilege escalation. By allocating a huge pixmap, a local user could trigger an integer overflow that resulted in a memory allocation that was too small for the requested pixmap, leading to a buffer overflow which could then be exploited to execute arbitrary code with full root privileges.

The updated packages have been patched to address these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:164. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19919);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2495");
  script_xref(name:"MDKSA", value:"2005:164");

  script_name(english:"Mandrake Linux Security Advisory : XFree86 (MDKSA-2005:164)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered in the pixmap allocation handling of
the X server that can lead to local privilege escalation. By
allocating a huge pixmap, a local user could trigger an integer
overflow that resulted in a memory allocation that was too small for
the requested pixmap, leading to a buffer overflow which could then be
exploited to execute arbitrary code with full root privileges.

The updated packages have been patched to address these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:X11R6-contrib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-cyrillic-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-glide-module");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:XFree86-xfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfree86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfree86-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xfree86-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xorg-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xorg-x11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64xorg-x11-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfree86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfree86-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxfree86-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxorg-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxorg-x11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libxorg-x11-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-100dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-75dpi-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xdmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xprt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-cyrillic-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-glide-module");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-xauth");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xorg-x11-xfs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", reference:"X11R6-contrib-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-100dpi-fonts-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-75dpi-fonts-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-Xnest-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-Xvfb-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-cyrillic-fonts-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-doc-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"XFree86-glide-module-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-server-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"XFree86-xfs-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64xfree86-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64xfree86-devel-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64xfree86-static-devel-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libxfree86-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libxfree86-devel-4.3-32.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libxfree86-static-devel-4.3-32.5.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", reference:"X11R6-contrib-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xorg-x11-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xorg-x11-devel-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64xorg-x11-static-devel-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxorg-x11-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxorg-x11-devel-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libxorg-x11-static-devel-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-100dpi-fonts-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-75dpi-fonts-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-Xnest-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-Xvfb-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-cyrillic-fonts-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-doc-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"xorg-x11-glide-module-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-server-6.7.0-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"xorg-x11-xfs-6.7.0-4.4.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"X11R6-contrib-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xorg-x11-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xorg-x11-devel-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64xorg-x11-static-devel-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxorg-x11-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxorg-x11-devel-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libxorg-x11-static-devel-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-100dpi-fonts-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-75dpi-fonts-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-Xdmx-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-Xnest-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-Xprt-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-Xvfb-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-cyrillic-fonts-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-doc-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"xorg-x11-glide-module-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-server-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-xauth-6.8.2-7.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"xorg-x11-xfs-6.8.2-7.2.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxx11r6-contribp-cpe:/a:mandriva:linux:x11r6-contrib
mandrivalinuxxfree86p-cpe:/a:mandriva:linux:xfree86
mandrivalinuxxfree86-100dpi-fontsp-cpe:/a:mandriva:linux:xfree86-100dpi-fonts
mandrivalinuxxfree86-75dpi-fontsp-cpe:/a:mandriva:linux:xfree86-75dpi-fonts
mandrivalinuxxfree86-xnestp-cpe:/a:mandriva:linux:xfree86-xnest
mandrivalinuxxfree86-xvfbp-cpe:/a:mandriva:linux:xfree86-xvfb
mandrivalinuxxfree86-cyrillic-fontsp-cpe:/a:mandriva:linux:xfree86-cyrillic-fonts
mandrivalinuxxfree86-docp-cpe:/a:mandriva:linux:xfree86-doc
mandrivalinuxxfree86-glide-modulep-cpe:/a:mandriva:linux:xfree86-glide-module
mandrivalinuxxfree86-serverp-cpe:/a:mandriva:linux:xfree86-server
Rows per page:
1-10 of 391

Related

ubuntu 1
centos 3
nvd 1
redhat 3
nessus 36
freebsd 1
openvas 11
gentoo 1
cve 1
suse 1
securityvulns 1
cert 1
cvelist 1
ubuntucve 1
slackware 1
debian 2
osv 1
ubuntu
ubuntu
X server vulnerability
2005-09-12 00:00:00
centos
centos
XFree86 security update
2005-09-13 23:21:44
xorg security update
2005-09-13 18:53:55
XFree86 security update
2005-09-15 10:48:27
nvd
nvd
CVE-2005-2495
2005-09-15 20:03:00
redhat
redhat
(RHSA-2005:396) xorg-x11 security update
2005-09-13 00:00:00
(RHSA-2005:501) XFree86 security update
2005-09-15 00:00:00
(RHSA-2005:329) XFree86 security update
2005-09-12 00:00:00
nessus
nessus
RHEL 2.1 : XFree86 (RHSA-2005:329)
2005-09-13 00:00:00
Solaris 10 (x86) : 118966-25
2006-11-06 00:00:00
HP-UX PHSS_32966 : HP-UX Running Xserver Local Execution of Arbitrary Code, Privilege Elevation (HPSBUX02137 SSRT051024 rev.1)
2006-08-08 00:00:00
freebsd
freebsd
X11 server -- pixmap allocation vulnerability
2005-09-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200509-07 (X.Org)
2008-09-24 00:00:00
Slackware: Security Advisory (SSA:2005-269-02)
2012-09-10 00:00:00
FreeBSD Ports: XFree86-Server
2008-09-04 00:00:00
gentoo
gentoo
X.Org: Heap overflow in pixmap allocation
2005-09-12 00:00:00
cve
cve
CVE-2005-2495
2005-09-15 20:03:00
suse
suse
remote command execution in XFree86-server,xorg-x11-server
2005-09-26 13:04:19
securityvulns
securityvulns
[Full-disclosure] [USN-182-1] X server vulnerability
2005-09-12 00:00:00
cert
cert
Multiple X servers fail to properly allocate memory for large pixmaps
2005-09-13 00:00:00
cvelist
cvelist
CVE-2005-2495
2005-09-15 04:00:00
ubuntucve
ubuntucve
CVE-2005-2495
2005-09-15 00:00:00
slackware
slackware
X.Org pixmap overflow
2005-09-26 10:43:04
debian
debian
[SECURITY] [DSA 816-1] New XFree86 packages fix arbitrary code execution
2005-09-22 08:57:47
[SECURITY] [DSA 816-1] New XFree86 packages fix arbitrary code execution
2005-09-22 08:57:47
osv
osv
xfree86 - integer overflow
2005-09-19 00:00:00

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

90.2%

JSON
Related for MANDRAKE_MDKSA-2005-164.NASL
ubuntu1centos3nvd1redhat3nessus36freebsd1openvas11gentoo1cve1suse1securityvulns1cert1cvelist1ubuntucve1slackware1debian2osv1