ID ORACLELINUX_ELSA-2007-0127.NASL Type nessus Reporter Tenable Modified 2018-07-18T00:00:00
Description
From Red Hat Security Advisory 2007:0127 :
Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
X.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server.
(CVE-2007-1003)
Users of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0127 and
# Oracle Linux Security Advisory ELSA-2007-0127 respectively.
#
include("compat.inc");
if (description)
{
script_id(67466);
script_version("1.5");
script_cvs_date("Date: 2018/07/18 17:43:55");
script_cve_id("CVE-2007-1003");
script_bugtraq_id(23284, 23300);
script_xref(name:"RHSA", value:"2007:0127");
script_name(english:"Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2007:0127 :
Updated X.org X11 server packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
X.org is an open source implementation of the X Window System. It
provides the basic low-level functionality that full-fledged graphical
user interfaces are designed upon.
iDefense reported an integer overflow flaw in the X.org X11 server
XC-MISC extension. A malicious authorized client could exploit this
issue to cause a denial of service (crash) or potentially execute
arbitrary code with root privileges on the X.org server.
(CVE-2007-1003)
Users of the X.org X11 server should upgrade to these updated
packages, which contain a backported patch and is not vulnerable to
this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected xorg-x11-server packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xorg-x11-server-sdk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
script_set_attribute(attribute:"patch_publication_date", value:"2007/06/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/03");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (rpm_check(release:"EL5", reference:"xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.0.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc");
}
{"id": "ORACLELINUX_ELSA-2007-0127.NASL", "bulletinFamily": "scanner", "title": "Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)", "description": "From Red Hat Security Advisory 2007:0127 :\n\nUpdated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.", "published": "2013-07-12T00:00:00", "modified": "2018-07-18T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67466", "reporter": "Tenable", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html"], "cvelist": ["CVE-2007-1003"], "type": "nessus", "lastseen": "2018-07-21T08:00:02", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:xorg-x11-server-sdk", "p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx", "p-cpe:/a:oracle:linux:xorg-x11-server-Xnest", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:xorg-x11-server-Xorg", "p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb", "p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr"], "cvelist": ["CVE-2007-1003"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2007:0127 :\n\nUpdated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4779fc8311d65c443eaced75a3bc7c3a2d2665cd76c5416d634e4d9a4528e4fd", "hashmap": [{"hash": "1b4252d2369ac56456dd9ab6b2ebcdc3", "key": "description"}, {"hash": "5485a8a64b65ebea9731d4fa075795da", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d593eac7d4cb584b005311320916ef97", "key": "cvelist"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1786aec3a614d40f1e566fde557a1799", "key": "pluginID"}, {"hash": "b9e02cd144bef35e82b71d691e070803", "key": "title"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "6eb5eeea01326be8f8884fa72c21b7f0", "key": "href"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "af26883546775b323ae04142695ffe70", "key": "references"}, {"hash": "d95b7e1cb2ad77f882cdee81a83de408", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67466", "id": "ORACLELINUX_ELSA-2007-0127.NASL", "lastseen": "2017-10-29T13:37:07", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "67466", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0127 and \n# Oracle Linux Security Advisory ELSA-2007-0127 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67466);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:27 $\");\n\n script_cve_id(\"CVE-2007-1003\");\n script_bugtraq_id(23284, 23300);\n script_osvdb_id(34110);\n script_xref(name:\"RHSA\", value:\"2007:0127\");\n\n script_name(english:\"Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0127 :\n\nUpdated X.org X11 server packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server\nXC-MISC extension. A malicious authorized client could exploit this\nissue to cause a denial of service (crash) or potentially execute\narbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated\npackages, which contain a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "title": "Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:37:07"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2007-1003"], "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2007:0127 :\n\nUpdated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.", "edition": 1, "enchantments": {}, "hash": "a2d260a958de322af3603c95730e9c5f704724b1bf6de04428467dce71575d3f", "hashmap": [{"hash": "1b4252d2369ac56456dd9ab6b2ebcdc3", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d593eac7d4cb584b005311320916ef97", "key": "cvelist"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1786aec3a614d40f1e566fde557a1799", "key": "pluginID"}, {"hash": "b9e02cd144bef35e82b71d691e070803", "key": "title"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "6eb5eeea01326be8f8884fa72c21b7f0", "key": "href"}, {"hash": "4ea840ff73b6affb0ff1787d26923e0e", "key": "cvss"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "af26883546775b323ae04142695ffe70", "key": "references"}, {"hash": "d95b7e1cb2ad77f882cdee81a83de408", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=67466", "id": "ORACLELINUX_ELSA-2007-0127.NASL", "lastseen": "2016-09-26T17:24:18", "modified": "2015-12-01T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "67466", "published": "2013-07-12T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0127 and \n# Oracle Linux Security Advisory ELSA-2007-0127 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67466);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:27 $\");\n\n script_cve_id(\"CVE-2007-1003\");\n script_bugtraq_id(23284, 23300);\n script_osvdb_id(34110);\n script_xref(name:\"RHSA\", value:\"2007:0127\");\n\n script_name(english:\"Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0127 :\n\nUpdated X.org X11 server packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server\nXC-MISC extension. A malicious authorized client could exploit this\nissue to cause a denial of service (crash) or potentially execute\narbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated\npackages, which contain a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "title": "Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:18"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "5485a8a64b65ebea9731d4fa075795da"}, {"key": "cvelist", "hash": "d593eac7d4cb584b005311320916ef97"}, {"key": "cvss", "hash": "4ea840ff73b6affb0ff1787d26923e0e"}, {"key": "description", "hash": "1b4252d2369ac56456dd9ab6b2ebcdc3"}, {"key": "href", "hash": "6eb5eeea01326be8f8884fa72c21b7f0"}, {"key": "modified", "hash": "2e3c438f66403fd816adabf5a1b82b29"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "1786aec3a614d40f1e566fde557a1799"}, {"key": "published", "hash": "0db193a0effe2d65dffecdb5e4d9c241"}, {"key": "references", "hash": "af26883546775b323ae04142695ffe70"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "b1d96d13a30d146e1487f43d34105b23"}, {"key": "title", "hash": "b9e02cd144bef35e82b71d691e070803"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b388e5a4320e454313dea9e26a34d1a9805fee0e5f575340eb6ee80d20e33746", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0127 and \n# Oracle Linux Security Advisory ELSA-2007-0127 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67466);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2007-1003\");\n script_bugtraq_id(23284, 23300);\n script_xref(name:\"RHSA\", value:\"2007:0127\");\n\n script_name(english:\"Oracle Linux 5 : xorg-x11-server (ELSA-2007-0127)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0127 :\n\nUpdated X.org X11 server packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server\nXC-MISC extension. A malicious authorized client could exploit this\nissue to cause a denial of service (crash) or potentially execute\narbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated\npackages, which contain a backported patch and is not vulnerable to\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-June/000234.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xnest-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xorg-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.13.0.1.el5.0.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-sdk-1.1.1-48.13.0.1.el5.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "67466", "cpe": ["p-cpe:/a:oracle:linux:xorg-x11-server-sdk", "p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx", "p-cpe:/a:oracle:linux:xorg-x11-server-Xnest", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:xorg-x11-server-Xorg", "p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb", "p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr"]}
{"result": {"cve": [{"id": "CVE-2007-1003", "type": "cve", "title": "CVE-2007-1003", "description": "Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.", "published": "2007-04-05T21:19:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1003", "cvelist": ["CVE-2007-1003"], "lastseen": "2017-10-11T11:07:01"}], "nessus": [{"id": "REDHAT-RHSA-2007-0127.NASL", "type": "nessus", "title": "RHEL 5 : xorg-x11-server (RHSA-2007:0127)", "description": "Updated X.org X11 server packages that fix a security issue are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org X11 server XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the X.org server.\n(CVE-2007-1003)\n\nUsers of the X.org X11 server should upgrade to these updated packages, which contain a backported patch and is not vulnerable to this issue.", "published": "2007-05-25T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25322", "cvelist": ["CVE-2007-1003"], "lastseen": "2017-10-29T13:41:07"}, {"id": "GENTOO_GLSA-200705-10.NASL", "type": "nessus", "title": "GLSA-200705-10 : LibXfont, TightVNC: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-200705-10 (LibXfont, TightVNC: Multiple vulnerabilities)\n\n The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().\n TightVNC contains a local copy of this code and is also affected.\n Impact :\n\n A local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-05-10T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25187", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:44:52"}, {"id": "UBUNTU_USN-448-1.NASL", "type": "nessus", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : freetype, libxfont, xorg, xorg-server vulnerabilities (USN-448-1)", "description": "Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003)\n\nGreg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges. (CVE-2007-1351, CVE-2007-1352).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28045", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:43:16"}, {"id": "REDHAT-RHSA-2007-0126.NASL", "type": "nessus", "title": "RHEL 4 : xorg-x11 (RHSA-2007:0126)", "description": "Updated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003)\n\niDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)\n\nAn integer overflow flaw was found in the X.org XGetPixel() function.\nImproper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)\n\nUsers of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.", "published": "2007-04-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24950", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:38:26"}, {"id": "SUSE_XORG-X11-SERVER-3083.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Xorg X11 (ZYPP Patch Number 3083)", "description": "Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges.\n(CVE-2007-1003)\n\nInteger overflows in libx11 could cause crashes. (CVE-2007-1667)\n\nInteger overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges.\n(CVE-2007-1352 / CVE-2007-1351)", "published": "2007-12-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29607", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:35:46"}, {"id": "ORACLELINUX_ELSA-2007-0126.NASL", "type": "nessus", "title": "Oracle Linux 4 : xorg-x11 (ELSA-2007-0126)", "description": "From Red Hat Security Advisory 2007:0126 :\n\nUpdated X.org packages that fix several security issues are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nX.org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\niDefense reported an integer overflow flaw in the X.org XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1003)\n\niDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)\n\nAn integer overflow flaw was found in the X.org XGetPixel() function.\nImproper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)\n\nUsers of X.org should upgrade to these updated packages, which contain a backported patch and are not vulnerable to these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67465", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2018-07-21T08:28:11"}, {"id": "MANDRAKE_MDKSA-2007-080.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : tightvnc (MDKSA-2007:080-1)", "description": "Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.\n\nThe vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003)\n\niDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)\n\nTightVNC uses some of the same code base as Xorg, and has the same vulnerable code.\n\nUpdated packages are patched to address these issues.\n\nUpdate :\n\nPackages for Mandriva Linux 2007.1 are now available.", "published": "2007-04-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24946", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:39:35"}, {"id": "DEBIAN_DSA-1294.NASL", "type": "nessus", "title": "Debian DSA-1294-1 : xfree86 - several vulnerabilities", "description": "Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2007-1003 Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation.\n\n - CVE-2007-1351 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation.\n\n - CVE-2007-1352 Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation.\n\n - CVE-2007-1667 Sami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn't part of Debian. The vendor has released updated packages, though.", "published": "2007-05-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25259", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:45:04"}, {"id": "MANDRAKE_MDKSA-2007-079.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:079-1)", "description": "Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.\n\nThe vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. (CVE-2007-1003)\n\niDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)\n\nMultiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. (CVE-2007-1667)\n\nUpdated packages are patched to address these issues.\n\nUpdate :\n\nPackages for Mandriva Linux 2007.1 are now available.", "published": "2007-04-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24945", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:43:24"}, {"id": "SUSE_XORG-X11-SERVER-3082.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-3082)", "description": "Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1003).\n\nInteger overflows in libX11 could cause crashes (CVE-2007-1667).\n\nInteger overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges (CVE-2007-1352, CVE-2007-1351).", "published": "2007-10-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27496", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-29T13:37:07"}], "osvdb": [{"id": "OSVDB:34110", "type": "osvdb", "title": "X.Org X11 XC-MISC Extension ProcXCMiscGetXIDList Function ALLOCATE_LOCAL Overflow", "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1017857\n[Secunia Advisory ID:24765](https://secuniaresearch.flexerasoftware.com/advisories/24765/)\n[Secunia Advisory ID:24791](https://secuniaresearch.flexerasoftware.com/advisories/24791/)\n[Secunia Advisory ID:25195](https://secuniaresearch.flexerasoftware.com/advisories/25195/)\n[Secunia Advisory ID:25006](https://secuniaresearch.flexerasoftware.com/advisories/25006/)\n[Secunia Advisory ID:24741](https://secuniaresearch.flexerasoftware.com/advisories/24741/)\n[Secunia Advisory ID:24770](https://secuniaresearch.flexerasoftware.com/advisories/24770/)\n[Secunia Advisory ID:24745](https://secuniaresearch.flexerasoftware.com/advisories/24745/)\n[Secunia Advisory ID:25004](https://secuniaresearch.flexerasoftware.com/advisories/25004/)\n[Secunia Advisory ID:25305](https://secuniaresearch.flexerasoftware.com/advisories/25305/)\n[Secunia Advisory ID:25216](https://secuniaresearch.flexerasoftware.com/advisories/25216/)\n[Secunia Advisory ID:24756](https://secuniaresearch.flexerasoftware.com/advisories/24756/)\n[Secunia Advisory ID:24772](https://secuniaresearch.flexerasoftware.com/advisories/24772/)\n[Secunia Advisory ID:24758](https://secuniaresearch.flexerasoftware.com/advisories/24758/)\n[Secunia Advisory ID:24771](https://secuniaresearch.flexerasoftware.com/advisories/24771/)\nRedHat RHSA: RHSA-2007:0125\nRedHat RHSA: RHSA-2007:0126\nRedHat RHSA: RHSA-2007:0127\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102886-1\nOther Advisory URL: https://issues.rpath.com/browse/RPL-1213\nOther Advisory URL: http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-448-1\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-10.xml\nOther Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=503\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:079\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_27_x.html\nOther Advisory URL: http://issues.foresightlinux.org/browse/FL-223\nOther Advisory URL: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:080\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00051.html\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-178.htm\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-04/0061.html\nISS X-Force ID: 33424\nFrSIRT Advisory: ADV-2007-1217\n[CVE-2007-1003](https://vulners.com/cve/CVE-2007-1003)\nBugtraq ID: 23284\n", "published": "2007-04-03T08:13:01", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:34110", "cvelist": ["CVE-2007-1003"], "lastseen": "2017-04-28T13:20:30"}], "openvas": [{"id": "OPENVAS:861330", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2007-425", "description": "Check for the Version of xorg-x11-server", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861330", "cvelist": ["CVE-2007-1003"], "lastseen": "2017-07-25T10:56:13"}, {"id": "OPENVAS:1361412562310122684", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0127", "description": "Oracle Linux Local Security Checks ELSA-2007-0127", "published": "2015-10-08T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122684", "cvelist": ["CVE-2007-1003"], "lastseen": "2017-07-24T12:53:18"}, {"id": "OPENVAS:861401", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2007-424", "description": "Check for the Version of xorg-x11-server", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861401", "cvelist": ["CVE-2006-1526", "CVE-2007-1003"], "lastseen": "2017-07-25T10:56:39"}, {"id": "OPENVAS:1361412562310830327", "type": "openvas", "title": "Mandriva Update for tightvnc MDKSA-2007:080 (tightvnc)", "description": "Check for the Version of tightvnc", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830327", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2018-04-09T11:38:42"}, {"id": "OPENVAS:830327", "type": "openvas", "title": "Mandriva Update for tightvnc MDKSA-2007:080 (tightvnc)", "description": "Check for the Version of tightvnc", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830327", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-07-24T12:56:05"}, {"id": "OPENVAS:840132", "type": "openvas", "title": "Ubuntu Update for freetype, libxfont, xorg, xorg-server vulnerabilities USN-448-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-448-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840132", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-12-04T11:29:55"}, {"id": "OPENVAS:830338", "type": "openvas", "title": "Mandriva Update for tightvnc MDKSA-2007:080-1 (tightvnc)", "description": "Check for the Version of tightvnc", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830338", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-07-24T12:57:10"}, {"id": "OPENVAS:58260", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200705-10 (tightvnc, libxfont)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200705-10.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58260", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-07-24T12:49:55"}, {"id": "OPENVAS:1361412562310830338", "type": "openvas", "title": "Mandriva Update for tightvnc MDKSA-2007:080-1 (tightvnc)", "description": "Check for the Version of tightvnc", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830338", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2018-04-09T11:41:38"}, {"id": "OPENVAS:830139", "type": "openvas", "title": "Mandriva Update for xorg-x11 MDKSA-2007:079 (xorg-x11)", "description": "Check for the Version of xorg-x11", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830139", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-07-24T12:56:53"}], "redhat": [{"id": "RHSA-2007:0127", "type": "redhat", "title": "(RHSA-2007:0127) Important: xorg-x11-server security update", "description": "X.org is an open source implementation of the X Window System. It provides\r\nthe basic low-level functionality that full-fledged graphical user\r\ninterfaces are designed upon.\r\n\r\niDefense reported an integer overflow flaw in the X.org X11 server XC-MISC\r\nextension. A malicious authorized client could exploit this issue to cause\r\na denial of service (crash) or potentially execute arbitrary code with root\r\nprivileges on the X.org server. (CVE-2007-1003)\r\n\r\nUsers of the X.org X11 server should upgrade to these updated packages,\r\nwhich contain a backported patch and is not vulnerable to this issue.", "published": "2007-04-03T04:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0127", "cvelist": ["CVE-2007-1003"], "lastseen": "2017-09-09T07:19:15"}, {"id": "RHSA-2007:0126", "type": "redhat", "title": "(RHSA-2007:0126) Important: xorg-x11 security update", "description": "X.org is an open source implementation of the X Window System. It provides\r\nthe basic low-level functionality that full-fledged graphical user\r\ninterfaces are designed upon.\r\n\r\niDefense reported an integer overflow flaw in the X.org XC-MISC\r\nextension. A malicious authorized client could exploit this issue to cause\r\na denial of service (crash) or potentially execute arbitrary code with the\r\nprivileges of the X.org server. (CVE-2007-1003)\r\n\r\niDefense reported two integer overflows in the way X.org handled various\r\nfont files. A malicious local user could exploit these issues to\r\npotentially execute arbitrary code with the privileges of the X.org server.\r\n(CVE-2007-1351, CVE-2007-1352)\r\n\r\nAn integer overflow flaw was found in the X.org XGetPixel() function.\r\nImproper use of this function could cause an application calling it to\r\nfunction improperly, possibly leading to a crash or arbitrary code\r\nexecution. (CVE-2007-1667)\r\n\r\nUsers of X.org should upgrade to these updated packages, which contain a\r\nbackported patch and are not vulnerable to these issues.", "published": "2007-04-03T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0126", "cvelist": ["CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667"], "lastseen": "2017-09-08T13:20:27"}, {"id": "RHSA-2007:0125", "type": "redhat", "title": "(RHSA-2007:0125) Important: XFree86 security update", "description": "XFree86 is an implementation of the X Window System, which provides the\r\ncore functionality for the Linux graphical desktop.\r\n\r\niDefense reported an integer overflow flaw in the XFree86 XC-MISC\r\nextension. A malicious authorized client could exploit this issue to cause\r\na denial of service (crash) or potentially execute arbitrary code with root\r\nprivileges on the XFree86 server. (CVE-2007-1003)\r\n\r\niDefense reported two integer overflows in the way X.org handled various\r\nfont files. A malicious local user could exploit these issues to\r\npotentially execute arbitrary code with the privileges of the X.org server.\r\n(CVE-2007-1351, CVE-2007-1352)\r\n\r\nAn integer overflow flaw was found in the XFree86 XGetPixel() function.\r\nImproper use of this function could cause an application calling it to\r\nfunction improperly, possibly leading to a crash or arbitrary code\r\nexecution. (CVE-2007-1667)\r\n\r\nUsers of XFree86 should upgrade to these updated packages, which contain a\r\nbackported patch and is not vulnerable to this issue.", "published": "2007-04-03T04:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0125", "cvelist": ["CVE-2007-1003", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1667"], "lastseen": "2018-05-11T21:13:56"}], "oraclelinux": [{"id": "ELSA-2007-0127", "type": "oraclelinux", "title": "Important: xorg-x11-server security update ", "description": " [1.1.1-48.13.0.1.el5.0.1]\n - add Enterprise Linux detection\n \n [1.1.1-48.13.0.1.el5]\n - cve-2007-1003.patch. xc misc overflows (#233001) ", "published": "2007-06-26T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0127.html", "cvelist": ["CVE-2007-1003"], "lastseen": "2016-09-04T11:17:09"}, {"id": "ELSA-2007-0125", "type": "oraclelinux", "title": "Important: XFree86 security update ", "description": " [4.3.0-120.EL.0.1]\n - Add oracle detection to Imake.\n \n [4.3.0-120.EL]\n - add cve-2007-1351.patch (#234056)\n \n [4.3.0-119.EL]\n - Add int-overflow.patch (#231684)\n - comment out requirement on fonts-base as that is an unreleased change.\n \n [4.3.0-118.EL]\n - Add cve-2007-1003.patch (#232996)\n \n [4.3.0-117.EL]\n - Make xfs depend on fonts-base, which provides fixed and friends. (#216542)\n \n [4.3.0-116.EL]\n - Bump for embargo branch resync. ", "published": "2007-04-04T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0125.html", "cvelist": ["CVE-2007-1351", "CVE-2007-1003"], "lastseen": "2017-06-22T16:16:52"}, {"id": "ELSA-2007-0126", "type": "oraclelinux", "title": "Important: xorg-x11 security update ", "description": " [6.8.2-1.EL.13.37.0.1]\n - Add Enterprise Linux detection\n \n [6.8.2-1.EL.13.37.7]\n - Add cve-2007-1351.patch (#234056)\n \n [6.8.2-1.EL.13.37.6]\n - Add cve-2007-1003.patch (#233000)\n - Add int-overflow.patch (#231693)\n \n [6.8.2-1.EL.13.37.5]\n - Add xorg-x11-6.8.2-sorted-xkbcomp-dirs.patch to fix rpmdiff multilib\n failure.\n \n [6.8.2-1.EL.13.37.4]\n - Add xorg-x11-server-CVE-2006-6101.patch. (#218871)\n \n [6.8.2-1.EL.13.37.2]\n - Fix for CID font parser integer overflows. (CVE-2006-3470, #204548) ", "published": "2007-04-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0126.html", "cvelist": ["CVE-2006-3470", "CVE-2007-1667", "CVE-2007-1351", "CVE-2006-6101", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2016-09-04T11:16:26"}], "gentoo": [{"id": "GLSA-200705-10", "type": "gentoo", "title": "LibXfont, TightVNC: Multiple vulnerabilities", "description": "### Background\n\nLibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays. \n\n### Description\n\nThe libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. \n\n### Impact\n\nA local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libXfont users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/libXfont-1.2.7-r1\"\n\nAll TightVNC users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/tightvnc-1.2.9-r4\"", "published": "2007-05-08T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200705-10", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2016-09-06T19:46:06"}], "ubuntu": [{"id": "USN-448-1", "type": "ubuntu", "title": "X.org vulnerabilities", "description": "Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. (CVE-2007-1003)\n\nGreg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges. (CVE-2007-1351, CVE-2007-1352)", "published": "2007-04-03T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/448-1/", "cvelist": ["CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2018-03-29T18:19:03"}], "centos": [{"id": "CESA-2007:0125-01", "type": "centos", "title": "XFree86 security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0125-01\n\n\nXFree86 is an implementation of the X Window System, which provides the\r\ncore functionality for the Linux graphical desktop.\r\n\r\niDefense reported an integer overflow flaw in the XFree86 XC-MISC\r\nextension. A malicious authorized client could exploit this issue to cause\r\na denial of service (crash) or potentially execute arbitrary code with root\r\nprivileges on the XFree86 server. (CVE-2007-1003)\r\n\r\niDefense reported two integer overflows in the way X.org handled various\r\nfont files. A malicious local user could exploit these issues to\r\npotentially execute arbitrary code with the privileges of the X.org server.\r\n(CVE-2007-1351, CVE-2007-1352)\r\n\r\nAn integer overflow flaw was found in the XFree86 XGetPixel() function.\r\nImproper use of this function could cause an application calling it to\r\nfunction improperly, possibly leading to a crash or arbitrary code\r\nexecution. (CVE-2007-1667)\r\n\r\nUsers of XFree86 should upgrade to these updated packages, which contain a\r\nbackported patch and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013650.html\n\n**Affected packages:**\nXFree86\nXFree86-100dpi-fonts\nXFree86-75dpi-fonts\nXFree86-ISO8859-15-100dpi-fonts\nXFree86-ISO8859-15-75dpi-fonts\nXFree86-ISO8859-2-100dpi-fonts\nXFree86-ISO8859-2-75dpi-fonts\nXFree86-ISO8859-9-100dpi-fonts\nXFree86-ISO8859-9-75dpi-fonts\nXFree86-Xnest\nXFree86-Xvfb\nXFree86-cyrillic-fonts\nXFree86-devel\nXFree86-doc\nXFree86-libs\nXFree86-tools\nXFree86-twm\nXFree86-xdm\nXFree86-xf86cfg\nXFree86-xfs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2007-04-04T05:46:38", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013650.html", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-12T14:47:07"}, {"id": "CESA-2007:0125", "type": "centos", "title": "XFree86 security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0125\n\n\nXFree86 is an implementation of the X Window System, which provides the\r\ncore functionality for the Linux graphical desktop.\r\n\r\niDefense reported an integer overflow flaw in the XFree86 XC-MISC\r\nextension. A malicious authorized client could exploit this issue to cause\r\na denial of service (crash) or potentially execute arbitrary code with root\r\nprivileges on the XFree86 server. (CVE-2007-1003)\r\n\r\niDefense reported two integer overflows in the way X.org handled various\r\nfont files. A malicious local user could exploit these issues to\r\npotentially execute arbitrary code with the privileges of the X.org server.\r\n(CVE-2007-1351, CVE-2007-1352)\r\n\r\nAn integer overflow flaw was found in the XFree86 XGetPixel() function.\r\nImproper use of this function could cause an application calling it to\r\nfunction improperly, possibly leading to a crash or arbitrary code\r\nexecution. (CVE-2007-1667)\r\n\r\nUsers of XFree86 should upgrade to these updated packages, which contain a\r\nbackported patch and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013640.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013641.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013643.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013652.html\n\n**Affected packages:**\nXFree86\nXFree86-100dpi-fonts\nXFree86-75dpi-fonts\nXFree86-ISO8859-14-100dpi-fonts\nXFree86-ISO8859-14-75dpi-fonts\nXFree86-ISO8859-15-100dpi-fonts\nXFree86-ISO8859-15-75dpi-fonts\nXFree86-ISO8859-2-100dpi-fonts\nXFree86-ISO8859-2-75dpi-fonts\nXFree86-ISO8859-9-100dpi-fonts\nXFree86-ISO8859-9-75dpi-fonts\nXFree86-Mesa-libGL\nXFree86-Mesa-libGLU\nXFree86-Xnest\nXFree86-Xvfb\nXFree86-base-fonts\nXFree86-cyrillic-fonts\nXFree86-devel\nXFree86-doc\nXFree86-font-utils\nXFree86-libs\nXFree86-libs-data\nXFree86-sdk\nXFree86-syriac-fonts\nXFree86-tools\nXFree86-truetype-fonts\nXFree86-twm\nXFree86-xauth\nXFree86-xdm\nXFree86-xfs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0125.html", "published": "2007-04-03T22:05:23", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013640.html", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-12T14:45:45"}, {"id": "CESA-2007:0126", "type": "centos", "title": "xorg security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0126\n\n\nX.org is an open source implementation of the X Window System. It provides\r\nthe basic low-level functionality that full-fledged graphical user\r\ninterfaces are designed upon.\r\n\r\niDefense reported an integer overflow flaw in the X.org XC-MISC\r\nextension. A malicious authorized client could exploit this issue to cause\r\na denial of service (crash) or potentially execute arbitrary code with the\r\nprivileges of the X.org server. (CVE-2007-1003)\r\n\r\niDefense reported two integer overflows in the way X.org handled various\r\nfont files. A malicious local user could exploit these issues to\r\npotentially execute arbitrary code with the privileges of the X.org server.\r\n(CVE-2007-1351, CVE-2007-1352)\r\n\r\nAn integer overflow flaw was found in the X.org XGetPixel() function.\r\nImproper use of this function could cause an application calling it to\r\nfunction improperly, possibly leading to a crash or arbitrary code\r\nexecution. (CVE-2007-1667)\r\n\r\nUsers of X.org should upgrade to these updated packages, which contain a\r\nbackported patch and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013647.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013651.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013658.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-April/013659.html\n\n**Affected packages:**\nxorg-x11\nxorg-x11-Mesa-libGL\nxorg-x11-Mesa-libGLU\nxorg-x11-Xdmx\nxorg-x11-Xnest\nxorg-x11-Xvfb\nxorg-x11-deprecated-libs\nxorg-x11-deprecated-libs-devel\nxorg-x11-devel\nxorg-x11-doc\nxorg-x11-font-utils\nxorg-x11-libs\nxorg-x11-sdk\nxorg-x11-tools\nxorg-x11-twm\nxorg-x11-xauth\nxorg-x11-xdm\nxorg-x11-xfs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0126.html", "published": "2007-04-04T00:24:46", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-April/013647.html", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2017-10-12T14:44:57"}], "debian": [{"id": "DSA-1294", "type": "debian", "title": "xfree86 -- several vulnerabilities", "description": "Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-1003](<https://security-tracker.debian.org/tracker/CVE-2007-1003>)\n\nSean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation.\n\n * [CVE-2007-1351](<https://security-tracker.debian.org/tracker/CVE-2007-1351>)\n\nGreg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation.\n\n * [CVE-2007-1352](<https://security-tracker.debian.org/tracker/CVE-2007-1352>)\n\nGreg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation.\n\n * [CVE-2007-1667](<https://security-tracker.debian.org/tracker/CVE-2007-1667>)\n\nSami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn't part of Debian. The vendor has released updated packages, though.\n\nFor the old stable distribution (sarge) these problems have been fixed in version 4.3.0.dfsg.1-14sarge4. This update lacks builds for the Sparc architecture, due to problems on the build host. Packages will be released once this problem has been resolved.\n\nThe stable distribution (etch) isn't affected by these problems, as the vulnerabilities have already been fixed during the Etch preparation freeze phase.\n\nWe recommend that you upgrade your XFree86 packages.", "published": "2007-05-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1294", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2016-09-02T18:34:53"}], "suse": [{"id": "SUSE-SA:2007:027", "type": "suse", "title": "local privilege escalation in XFree86, Xorg", "description": "Several X security problems were fixed that could be used by local attackers to crash the X server or potentially to execute code as root user.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-04-20T16:38:35", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-04/msg00003.html", "cvelist": ["CVE-2007-1667", "CVE-2007-1351", "CVE-2007-1352", "CVE-2007-1003"], "lastseen": "2016-09-04T11:39:22"}]}}
