ID REDHAT-RHSA-2008-0485.NASL Type nessus Reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
Updated compiz packages that prevent Compiz from breaking screen saver
grabs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Compiz is an OpenGL-based window and compositing manager.
Most screen savers create a top-level fullscreen window to cover the
desktop, and grab the input with that window. Compiz has an option to
un-redirect that window, but in some cases, this breaks the grab and
compromises the locked screen: without the grab, input is no longer
confined to the screen saver window and can reach the session behind
it. (CVE-2007-3920)
Users of compiz are advised to upgrade to these updated packages,
which remove this option to resolve this issue.
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0485. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
# Registration block: when `description` is set, the script only declares its
# metadata and then exits (see the exit(0) at the end) without testing the host.
# NOTE(review): `description` is presumably set by the scanner engine while it
# builds its plugin database; it is not assigned anywhere in this file.
if (description)
{
# Plugin identity and revision.
script_id(32427);
script_version ("1.21");
script_cvs_date("Date: 2019/10/25 13:36:13");
# Cross-references to the vulnerability and the vendor advisory.
script_cve_id("CVE-2007-3920");
script_bugtraq_id(26188);
script_xref(name:"RHSA", value:"2008:0485");
script_name(english:"RHEL 5 : compiz (RHSA-2008:0485)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
# The description string below is the advisory text; per the file header it was
# extracted from RHSA-2008:0485. It is a runtime string and must stay verbatim.
script_set_attribute(
attribute:"description",
value:
"Updated compiz packages that prevent Compiz from breaking screen saver
grabs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Compiz is an OpenGL-based window and compositing manager.
Most screen savers create a top-level fullscreen window to cover the
desktop, and grab the input with that window. Compiz has an option to
un-redirect that window, but in some cases, this breaks the grab and
compromises the locked screen. (CVE-2007-3920)
Users of compiz are advised to upgrade to these updated packages,
which remove this option to resolve this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2007-3920"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2008:0485"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected compiz and / or compiz-devel packages."
);
# CVSS v2 base vector: local access vector, high access complexity, no
# authentication, complete confidentiality/integrity/availability impact.
# The advisory text itself rates the update as low security impact, so the
# vendor rating and the CVSS impact metrics should be read together when
# prioritising this finding.
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
# CVSS v2 temporal vector: exploitability unproven, official fix available,
# report confidence not defined.
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the check below works from knowledge-base items
# (release string, rpm list, cpu) rather than from network probes.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for the two packages tested and for the RHEL 5 platform.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compiz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compiz-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
# The patch was published roughly seven months after the vulnerability.
script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/29");
script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
# Declares ssh_get_info.nasl as a dependency and lists the KB keys this plugin
# requires; the same four keys are read again by the check logic after this block.
# NOTE(review): presumably ssh_get_info.nasl is what populates these keys over an
# authenticated login - confirm against that script.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
# Registration only: stop here so the host checks never run in this mode.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
# Host check for RHSA-2008:0485. Everything below works from knowledge-base (KB)
# items; it compares package versions only and does not look at Compiz's
# configuration or at whether Compiz is in use on the host.
# NOTE(review): each guard relies on audit() ending the script (for example,
# os_ver[1] is indexed right after the isnull(os_ver) guard) - confirm in audit.inc.

# Guard 1: local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Guard 2: the release string must exist and contain "Red Hat"
# (`>!<` is NASL's "is not a substring of" operator).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Capture the numeric release ("5" or "5.x") from the RHEL release string.
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
# Guard 3: only the 5.x series is in scope. The pattern accepts "5" followed by a
# non-digit or end of string, so a version such as "50" is rejected.
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
# Guard 4: without the rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Guard 5: the architecture must contain "x86_64", match i386-i686, or contain "s390".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# NOTE(review): s390 passes this guard, but the rpm_check calls further down name
# only i386 and x86_64; on s390 the rpm path presumably ends in one of the
# "not affected" / "not installed" audits - verify against rpm.inc.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
# Path A: when the yum updateinfo KB item is present, the verdict comes from the
# updateinfo report for this advisory and the rpm_check comparisons are skipped.
# A scan result from this path is therefore only as good as the updateinfo data
# that was collected from the host.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2008:0485";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
# A non-empty report is raised as a warning-level finding on port 0.
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
# Empty report: record that the host is not affected by this advisory.
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
# Path B: compare installed packages with the fixed build named in the advisory,
# compiz / compiz-devel 0.0.13-0.37.20060817git.el5, for i386 and x86_64.
# NOTE(review): rpm_check presumably returns true when an installed package is
# older than the reference - confirm in rpm.inc. `flag` counts those hits.
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"compiz-0.0.13-0.37.20060817git.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"compiz-0.0.13-0.37.20060817git.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"compiz-devel-0.0.13-0.37.20060817git.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"compiz-devel-0.0.13-0.37.20060817git.el5")) flag++;
# Any hit is raised as a warning-level finding on port 0; the report text is
# the accumulated rpm report followed by the Red Hat package caveat.
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
# No hit: distinguish "packages were tested and are not affected" from
# "neither package is installed", so the audit trail shows which one applied.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compiz / compiz-devel");
}
}
{"id": "REDHAT-RHSA-2008-0485.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : compiz (RHSA-2008:0485)", "description": "Updated compiz packages that prevent Compiz from breaking screen saver\ngrabs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nCompiz is an OpenGL-based window and compositing manager.\n\nMost screen savers create a top-level fullscreen window to cover the\ndesktop, and grab the input with that window. Compiz has an option to\nun-redirect that window, but in some cases, this breaks the grab and\ncompromises the locked screen. (CVE-2007-3920)\n\nUsers of compiz are advised to upgrade to these updated packages,\nwhich remove this option to resolve this issue.", "published": "2008-05-22T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/32427", "reporter": "This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2007-3920", "https://access.redhat.com/errata/RHSA-2008:0485"], "cvelist": ["CVE-2007-3920"], "type": "nessus", "lastseen": "2021-01-01T04:56:18", "edition": 26, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3920"]}, {"type": "openvas", "idList": ["OPENVAS:850006", "OPENVAS:860927", "OPENVAS:840019", "OPENVAS:136141256231066034", "OPENVAS:66034", "OPENVAS:840184", "OPENVAS:860171"]}, {"type": "redhat", "idList": ["RHSA-2008:0485"]}, {"type": "ubuntu", "idList": ["USN-537-1", "USN-537-2"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2009-278.NASL", "FEDORA_2008-0956.NASL", "SUSE_XORG-X11-XVNC-5317.NASL", "UBUNTU_USN-537-1.NASL", "SUSE_XORG-X11-SERVER-5316.NASL", "UBUNTU_USN-537-2.NASL", "SL_20080521_COMPIZ_ON_SL5_X.NASL", "FEDORA_2008-0930.NASL"]}, {"type": "fedora", "idList": ["FEDORA:M0OLNAMJ021525", "FEDORA:M0OLW5GW022177"]}, {"type": "suse", "idList": ["SUSE-SA:2008:027"]}], "modified": "2021-01-01T04:56:18", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-01-01T04:56:18", "rev": 2}, "vulnersScore": 6.0}, "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0485. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(32427);\n script_version (\"1.21\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2007-3920\");\n script_bugtraq_id(26188);\n script_xref(name:\"RHSA\", value:\"2008:0485\");\n\n script_name(english:\"RHEL 5 : compiz (RHSA-2008:0485)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated compiz packages that prevent Compiz from breaking screen saver\ngrabs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nCompiz is an OpenGL-based window and compositing manager.\n\nMost screen savers create a top-level fullscreen window to cover the\ndesktop, and grab the input with that window. Compiz has an option to\nun-redirect that window, but in some cases, this breaks the grab and\ncompromises the locked screen. 
(CVE-2007-3920)\n\nUsers of compiz are advised to upgrade to these updated packages,\nwhich remove this option to resolve this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-3920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0485\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compiz and / or compiz-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compiz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:compiz-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/10/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0485\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"compiz-0.0.13-0.37.20060817git.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"compiz-0.0.13-0.37.20060817git.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", 
reference:\"compiz-devel-0.0.13-0.37.20060817git.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"compiz-devel-0.0.13-0.37.20060817git.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compiz / compiz-devel\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "32427", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:compiz", "p-cpe:/a:redhat:enterprise_linux:compiz-devel"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:45:52", "description": "GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.", "edition": 3, "cvss3": {}, "published": "2007-10-29T21:46:00", "title": "CVE-2007-3920", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3920"], "modified": "2017-09-29T01:29:00", "cpe": ["cpe:/a:gnome:screensaver:2.20", "cpe:/a:compiz:compiz:*"], "id": "CVE-2007-3920", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3920", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnome:screensaver:2.20:*:*:*:*:*:*:*", "cpe:2.3:a:compiz:compiz:*:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-12-04T11:27:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-537-2", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840019", "href": "http://plugins.openvas.org/nasl.php?oid=840019", "type": "openvas", "title": "Ubuntu Update for compiz vulnerability USN-537-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_537_2.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for compiz vulnerability 
USN-537-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were\n incomplete, and only reduced the scope of the vulnerability, without\n fully solving it. This update fixes related problems in compiz.\n\n Original advisory details:\n \n Jens Askengren discovered that gnome-screensaver became confused when\n running under Compiz, and could lose keyboard lock focus. 
A local attacker\n could exploit this to bypass the user's locked screen saver.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-537-2\";\ntag_affected = \"compiz vulnerability on Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-537-2/\");\n script_id(840019);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"537-2\");\n script_cve_id(\"CVE-2007-3920\");\n script_name( \"Ubuntu Update for compiz vulnerability USN-537-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"compiz-core\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"compiz-dev\", ver:\"0.6.0+git20071008-0ubuntu1.1\", 
rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"compiz-gnome\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"compiz-plugins\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdecoration0-dev\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdecoration0\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"compiz-kde\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"compiz\", ver:\"0.6.0+git20071008-0ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-537-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840184", "href": "http://plugins.openvas.org/nasl.php?oid=840184", "type": "openvas", "title": "Ubuntu Update for gnome-screensaver vulnerability USN-537-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_537_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for gnome-screensaver vulnerability USN-537-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone 
Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Jens Askengren discovered that gnome-screensaver became confused when\n running under Compiz, and could lose keyboard lock focus. A local\n attacker could exploit this to bypass the user's locked screen saver.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-537-1\";\ntag_affected = \"gnome-screensaver vulnerability on Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-537-1/\");\n script_id(840184);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"537-1\");\n script_cve_id(\"CVE-2007-3920\");\n script_name( \"Ubuntu Update for gnome-screensaver vulnerability USN-537-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 
2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnome-screensaver\", ver:\"2.20.0-0ubuntu4.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920", "CVE-2008-6514"], "description": "The remote host is missing an update to compiz-fusion-plugins-main\nannounced via advisory MDVSA-2009:278.", "modified": "2017-07-06T00:00:00", "published": "2009-10-19T00:00:00", "id": "OPENVAS:66034", "href": "http://plugins.openvas.org/nasl.php?oid=66034", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_278.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:278 (compiz-fusion-plugins-main)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in\ncompiz-fusion-plugins-main:\n\nThe Expo plugin in Compiz Fusion 0.7.8 allows local users with physical\naccess to drag the screen saver aside and access the locked desktop\nby using Expo mouse shortcuts, a related issue to CVE-2007-3920\n(CVE-2008-6514).\n\nThis update fixes this vulnerability.\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:278\";\ntag_summary = \"The remote host is missing an update to compiz-fusion-plugins-main\nannounced via advisory MDVSA-2009:278.\";\n\n \n\nif(description)\n{\n script_id(66034);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2007-3920\", \"CVE-2008-6514\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"compiz-fusion-plugins-main\", rpm:\"compiz-fusion-plugins-main~0.7.8~0.20080912.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-fusion-plugins-main-devel\", rpm:\"compiz-fusion-plugins-main-devel~0.7.8~0.20080912.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920", "CVE-2008-6514"], "description": "The remote host is missing an update to compiz-fusion-plugins-main\nannounced via advisory MDVSA-2009:278.", "modified": "2018-04-06T00:00:00", "published": "2009-10-19T00:00:00", "id": "OPENVAS:136141256231066034", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066034", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_278.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:278 (compiz-fusion-plugins-main)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in\ncompiz-fusion-plugins-main:\n\nThe Expo plugin in Compiz Fusion 0.7.8 allows local users with physical\naccess to drag the screen saver aside and access the locked desktop\nby using Expo mouse shortcuts, a related issue to CVE-2007-3920\n(CVE-2008-6514).\n\nThis update fixes this vulnerability.\n\nAffected: 2009.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:278\";\ntag_summary = \"The remote host is missing an update to compiz-fusion-plugins-main\nannounced via advisory MDVSA-2009:278.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66034\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2007-3920\", \"CVE-2008-6514\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:278 (compiz-fusion-plugins-main)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"compiz-fusion-plugins-main\", rpm:\"compiz-fusion-plugins-main~0.7.8~0.20080912.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compiz-fusion-plugins-main-devel\", rpm:\"compiz-fusion-plugins-main-devel~0.7.8~0.20080912.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3069", "CVE-2007-3920"], "description": "Check for the Version of xorg-x11-server", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860927", "href": "http://plugins.openvas.org/nasl.php?oid=860927", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2008-0930", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2008-0930\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 8\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00811.html\");\n script_id(860927);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:12:43 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-0930\");\n script_cve_id(\"CVE-2007-3069\", \"CVE-2007-3920\");\n script_name( \"Fedora Update for xorg-x11-server FEDORA-2008-0930\");\n\n script_summary(\"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.3.0.0~40.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3069", "CVE-2007-3920"], "description": "Check for the Version of xorg-x11-server", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "id": "OPENVAS:860171", "href": "http://plugins.openvas.org/nasl.php?oid=860171", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2008-0956", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2008-0956\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 7\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00841.html\");\n script_id(860171);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:12:43 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-0956\");\n script_cve_id(\"CVE-2007-3069\", \"CVE-2007-3920\");\n script_name( \"Fedora Update for xorg-x11-server FEDORA-2008-0956\");\n\n script_summary(\"Check for the 
Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.3.0.0~16.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:19:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2362", "CVE-2008-1379", 
"CVE-2008-1377", "CVE-2007-3920", "CVE-2008-2361", "CVE-2008-2360"], "description": "Check for the Version of xorg-x11,XFree86", "modified": "2017-12-08T00:00:00", "published": "2009-01-23T00:00:00", "id": "OPENVAS:850006", "href": "http://plugins.openvas.org/nasl.php?oid=850006", "type": "openvas", "title": "SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_027.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in the X.org X Server were reported by iDefense\n and fixed:\n - CVE-2008-2360 - RENDER Extension heap buffer overflow\n - CVE-2008-2361 - RENDER Extension crash\n - CVE-2008-2362 - RENDER Extension memory corruption\n - CVE-2008-1379 - MIT-SHM arbitrary memory read\n - CVE-2008-1377 - RECORD and Security extensions memory corruption\n\n Additionally the updated packages include fixes for:\n - XvReputImage crashes due to Nulled PortPriv->pDraw\n - gnome-screensaver loses keyboard focus lock under compiz CVE-2007-3920\";\n\ntag_impact = \"local code execution\";\ntag_affected = \"xorg-x11,XFree86 on openSUSE 10.2, openSUSE 10.3, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SLE SDK 10 SP2, SUSE Linux Enterprise Server 10 SP1, SUSE Linux Enterprise Desktop 10 SP2, SUSE Linux Enterprise Server 10 SP2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850006);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2008-027\");\n script_cve_id(\"CVE-2007-3920\", \"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n 
script_name( \"SuSE Update for xorg-x11,XFree86 SUSE-SA:2008:027\");\n\n script_summary(\"Check for the Version of xorg-x11,XFree86\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.1~91.3\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.2~143.13\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.2~143.13\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.2~143.13\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.2~30.15\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.2~30.15\", rls:\"openSUSE10.2\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", 
rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"LES10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"XFree86-server\", rpm:\"XFree86-server~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xnest\", rpm:\"XFree86-Xnest~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xprt\", rpm:\"XFree86-Xprt~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvfb\", rpm:\"XFree86-Xvfb~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"XFree86-Xvnc\", rpm:\"XFree86-Xvnc~4.3.99.902~43.96\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"SLESDK10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDK10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP2\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.54.11\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xnest\", rpm:\"xorg-x11-Xnest~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvfb\", rpm:\"xorg-x11-Xvfb~6.9.0~50.60\", 
rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~6.9.0~50.60\", rls:\"SLESDk10SP2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3920"], "description": "Compiz is an OpenGL-based window and compositing manager.\n\nMost screen savers create a top-level fullscreen window to cover the\ndesktop, and grab the input with that window. Compiz has an option to\nun-redirect that window, but in some cases, this breaks the grab and\ncompromises the locked screen. (CVE-2007-3920)\n\nUsers of compiz are advised to upgrade to these updated packages, which\nremove this option to resolve this issue.", "modified": "2017-09-08T11:47:51", "published": "2008-05-20T04:00:00", "id": "RHSA-2008:0485", "href": "https://access.redhat.com/errata/RHSA-2008:0485", "type": "redhat", "title": "(RHSA-2008:0485) Low: compiz security update", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T06:56:31", "description": "Jens Askengren discovered that gnome-screensaver became confused when\nrunning under Compiz, and could lose keyboard lock focus. A local\nattacker could exploit this to bypass the user's locked screen saver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 7.10 : gnome-screensaver vulnerability (USN-537-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver"], "id": "UBUNTU_USN-537-1.NASL", "href": "https://www.tenable.com/plugins/nessus/28143", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-537-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28143);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-3920\");\n script_bugtraq_id(26188);\n script_xref(name:\"USN\", value:\"537-1\");\n\n script_name(english:\"Ubuntu 7.10 : gnome-screensaver vulnerability (USN-537-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jens Askengren discovered that gnome-screensaver became confused when\nrunning under Compiz, and could lose keyboard lock focus. A local\nattacker could exploit this to bypass the user's locked screen saver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/537-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-screensaver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnome-screensaver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"gnome-screensaver\", pkgver:\"2.20.0-0ubuntu4.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-screensaver\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:32:58", "description": "Most screen savers create a top-level fullscreen window to cover the\ndesktop, and grab the input with that window. Compiz has an option to\nun-redirect that window, but in some cases, this breaks the grab and\ncompromises the locked screen. 
(CVE-2007-3920)", "edition": 23, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : compiz on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920"], "modified": "2021-01-02T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20080521_COMPIZ_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60403", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60403);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2007-3920\");\n\n script_name(english:\"Scientific Linux Security Update : compiz on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Most screen savers create a top-level fullscreen window to cover the\ndesktop, and grab the input with that window. Compiz has an option to\nun-redirect that window, but in some cases, this breaks the grab and\ncompromises the locked screen. 
(CVE-2007-3920)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=1469\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c7d94d6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compiz and / or compiz-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"compiz-0.0.13-0.37.20060817git.el5\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"compiz-devel-0.0.13-0.37.20060817git.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:56:31", "description": "USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were\nincomplete, and only reduced the scope of the vulnerability, without\nfully solving it. This update fixes related problems in compiz.\n\nJens Askengren discovered that gnome-screensaver became confused when\nrunning under Compiz, and could lose keyboard lock focus. A local\nattacker could exploit this to bypass the user's locked screen saver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 7.10 : compiz vulnerability (USN-537-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:compiz-kde", "p-cpe:/a:canonical:ubuntu_linux:compiz", "p-cpe:/a:canonical:ubuntu_linux:compiz-plugins", "p-cpe:/a:canonical:ubuntu_linux:compiz-gnome", "p-cpe:/a:canonical:ubuntu_linux:compiz-dev", "p-cpe:/a:canonical:ubuntu_linux:libdecoration0-dev", "p-cpe:/a:canonical:ubuntu_linux:compiz-core", "p-cpe:/a:canonical:ubuntu_linux:libdecoration0"], "id": "UBUNTU_USN-537-2.NASL", "href": "https://www.tenable.com/plugins/nessus/28144", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-537-2. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28144);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-3920\");\n script_xref(name:\"USN\", value:\"537-2\");\n\n script_name(english:\"Ubuntu 7.10 : compiz vulnerability (USN-537-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were\nincomplete, and only reduced the scope of the vulnerability, without\nfully solving it. This update fixes related problems in compiz.\n\nJens Askengren discovered that gnome-screensaver became confused when\nrunning under Compiz, and could lose keyboard lock focus. A local\nattacker could exploit this to bypass the user's locked screen saver.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/537-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:compiz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:compiz-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:compiz-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:compiz-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:compiz-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:compiz-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdecoration0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdecoration0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 7.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"7.10\", pkgname:\"compiz\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"compiz-core\", pkgver:\"1:0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"compiz-dev\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"compiz-gnome\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"compiz-kde\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"compiz-plugins\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libdecoration0\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libdecoration0-dev\", pkgver:\"0.6.0+git20071008-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"compiz / compiz-core / compiz-dev / compiz-gnome / compiz-kde / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:52:22", "description": "A vulnerability has been found and corrected in\ncompiz-fusion-plugins-main :\n\nThe Expo plugin in Compiz Fusion 0.7.8 allows local users with\nphysical access to drag the screen saver aside and access the locked\ndesktop by using Expo mouse shortcuts, a related issue to\nCVE-2007-3920 (CVE-2008-6514).\n\nThis update fixes this vulnerability.", "edition": 25, "published": "2009-10-15T00:00:00", "title": "Mandriva Linux Security Advisory : compiz-fusion-plugins-main (MDVSA-2009:278)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3920", "CVE-2008-6514"], "modified": "2009-10-15T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:compiz-fusion-plugins-main", "p-cpe:/a:mandriva:linux:compiz-fusion-plugins-main-devel"], "id": "MANDRIVA_MDVSA-2009-278.NASL", "href": "https://www.tenable.com/plugins/nessus/42133", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:278. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42133);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-6514\");\n script_bugtraq_id(32712);\n script_xref(name:\"MDVSA\", value:\"2009:278\");\n\n script_name(english:\"Mandriva Linux Security Advisory : compiz-fusion-plugins-main (MDVSA-2009:278)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in\ncompiz-fusion-plugins-main :\n\nThe Expo plugin in Compiz Fusion 0.7.8 allows local users with\nphysical access to drag the screen saver aside and access the locked\ndesktop by using Expo mouse shortcuts, a related issue to\nCVE-2007-3920 (CVE-2008-6514).\n\nThis update fixes this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected compiz-fusion-plugins-main and / or\ncompiz-fusion-plugins-main-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:compiz-fusion-plugins-main\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:compiz-fusion-plugins-main-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"compiz-fusion-plugins-main-0.7.8-0.20080912.1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"compiz-fusion-plugins-main-devel-0.7.8-0.20080912.1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:18", "description": "When enabling the 'unredirect fullscreen windows' option, compiz will\nunredirect fullscreen windows to improve performance. 
However,\nunredirecting will as a side effect break any grabs on that window,\nwhich compromises most screensavers. This X server update suppresses\nthis unintended side effect and restores the security of the\nscreensavers. See also CVE-2007-3069.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-01-27T00:00:00", "title": "Fedora 8 : xorg-x11-server-1.3.0.0-40.fc8 (2008-0930)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3069", "CVE-2007-3920"], "modified": "2008-01-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk", "cpe:/o:fedoraproject:fedora:8", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"], "id": "FEDORA_2008-0930.NASL", "href": "https://www.tenable.com/plugins/nessus/30082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0930.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30082);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-3920\");\n script_bugtraq_id(26188);\n script_xref(name:\"FEDORA\", value:\"2008-0930\");\n\n script_name(english:\"Fedora 8 : xorg-x11-server-1.3.0.0-40.fc8 (2008-0930)\");\n script_summary(english:\"Checks rpm output for the 
updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When enabling the 'unredirect fullscreen windows' option, compiz will\nunredirect fullscreen windows to improve performace. However,\nunredirecting will as a side effect break any grabs on that window,\nwhich compromises most screensavers. This X server update suppresses\nthis unintended side effect and restores the security of the\nscreensavers. See also CVE-2007-3069.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=350271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=363061\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007164.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8427742\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-Xdmx-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-Xephyr-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-Xnest-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-Xorg-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-Xvfb-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-debuginfo-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-sdk-1.3.0.0-40.fc8\")) flag++;\nif (rpm_check(release:\"FC8\", reference:\"xorg-x11-server-source-1.3.0.0-40.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:06:18", "description": "When enabling the 'unredirect fullscreen windows' option, compiz will\nunredirect fullscreen windows to improve performance. However,\nunredirecting will as a side effect break any grabs on that window,\nwhich compromises most screensavers. This X server update suppresses\nthis unintended side effect and restores the security of the\nscreensavers. 
See also CVE-2007-3069.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2008-01-27T00:00:00", "title": "Fedora 7 : xorg-x11-server-1.3.0.0-16.fc7 (2008-0956)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-3069", "CVE-2007-3920"], "modified": "2008-01-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr", "cpe:/o:fedoraproject:fedora:7", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg"], "id": "FEDORA_2008-0956.NASL", "href": "https://www.tenable.com/plugins/nessus/30083", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-0956.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(30083);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-3920\");\n script_bugtraq_id(26188);\n script_xref(name:\"FEDORA\", value:\"2008-0956\");\n\n script_name(english:\"Fedora 7 : xorg-x11-server-1.3.0.0-16.fc7 (2008-0956)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When enabling 
the 'unredirect fullscreen windows' option, compiz will\nunredirect fullscreen windows to improve performace. However,\nunredirecting will as a side effect break any grabs on that window,\nwhich compromises most screensavers. This X server update suppresses\nthis unintended side effect and restores the security of the\nscreensavers. See also CVE-2007-3069.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=350271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=357071\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-January/007194.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2ef6d99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-Xdmx-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-Xephyr-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-Xnest-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-Xorg-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-Xvfb-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-debuginfo-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-sdk-1.3.0.0-16.fc7\")) flag++;\nif (rpm_check(release:\"FC7\", reference:\"xorg-x11-server-source-1.3.0.0-16.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:33:29", "description": "This update fixes multiple vulnerabilities reported by iDefense :\n\n - CVE-2008-2360 - RENDER Extension heap buffer overflow\n\n - CVE-2008-2361 - RENDER Extension crash\n\n - CVE-2008-2362 - RENDER Extension memory corruption \n\n - CVE-2008-1379 - MIT-SHM arbitrary memory read\n\n - CVE-2008-1377 - RECORD and Security extensions memory\n corruption Additionally fixes for :\n\n - XvReputImage crashes 
due to Nulled PortPriv->pDraw\n\n - gnome-screensaver loses keyboard focus lock under compiz\n (CVE-2007-3920)", "edition": 22, "published": "2008-06-12T00:00:00", "title": "openSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2007-3920", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:xorg-x11-server", "p-cpe:/a:novell:opensuse:xorg-x11-server-sdk", "p-cpe:/a:novell:opensuse:xorg-x11-server-extra", "p-cpe:/a:novell:opensuse:xorg-x11-Xvnc"], "id": "SUSE_XORG-X11-XVNC-5317.NASL", "href": "https://www.tenable.com/plugins/nessus/33165", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xorg-x11-Xvnc-5317.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33165);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2007-3920\", \"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n\n script_name(english:\"openSUSE 10 Security Update : xorg-x11-Xvnc (xorg-x11-Xvnc-5317)\");\n script_summary(english:\"Check for the xorg-x11-Xvnc-5317 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple vulnerabilities reported by iDefense :\n\n - CVE-2008-2360 - RENDER Extension heap buffer overflow\n\n - CVE-2008-2361 - RENDER Extension crash\n\n - CVE-2008-2362 - RENDER Extension memory corruption \n\n - CVE-2008-1379 - MIT-SHM arbitrary memory read\n\n - CVE-2008-1377 - RECORD and Security extensions 
memory\n corruption Additionally fixes for :\n\n - XvReputImage crashes due to Nulled PortPriv->pDraw\n\n - gnome-screensaver loses keyboard focus lock under compiz\n (CVE-2007-3920)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-Xvnc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xorg-x11-Xvnc-7.1-91.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xorg-x11-server-7.2-143.13\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xorg-x11-server-extra-7.2-143.13\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"xorg-x11-server-sdk-7.2-143.13\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-Xvnc / xorg-x11-server / xorg-x11-server-extra / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:33:30", "description": "This update fixes multiple vulnerabilities reported by iDefense :\n\n - CVE-2008-2360 - RENDER Extension heap buffer overflow\n\n - CVE-2008-2361 - RENDER Extension crash\n\n - CVE-2008-2362 - RENDER Extension memory corruption \n\n - CVE-2008-1379 - MIT-SHM arbitrary memory read\n\n - CVE-2008-1377 - RECORD and Security extensions memory\n corruption Additionally fixes for :\n\n - gnome-screensaver loses keyboard focus lock under compiz\n (CVE-2007-3920)", "edition": 23, "published": "2008-06-12T00:00:00", "title": "openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2007-3920", "CVE-2008-2361", "CVE-2008-2360"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:xorg-x11-server", "p-cpe:/a:novell:opensuse:xorg-x11-server-sdk"], "id": 
"SUSE_XORG-X11-SERVER-5316.NASL", "href": "https://www.tenable.com/plugins/nessus/33166", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xorg-x11-server-5316.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33166);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:33\");\n\n script_cve_id(\"CVE-2007-3920\", \"CVE-2008-1377\", \"CVE-2008-1379\", \"CVE-2008-2360\", \"CVE-2008-2361\", \"CVE-2008-2362\");\n\n script_name(english:\"openSUSE 10 Security Update : xorg-x11-server (xorg-x11-server-5316)\");\n script_summary(english:\"Check for the xorg-x11-server-5316 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple vulnerabilities reported by iDefense :\n\n - CVE-2008-2360 - RENDER Extension heap buffer overflow\n\n - CVE-2008-2361 - RENDER Extension crash\n\n - CVE-2008-2362 - RENDER Extension memory corruption \n\n - CVE-2008-1379 - MIT-SHM arbitrary memory read\n\n - CVE-2008-1377 - RECORD and Security extensions memory\n corruption Additionally fixes for :\n\n - gnome-screensaver loses keyboard focus lock under compiz\n (CVE-2007-3920)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xorg-x11-server-7.2-30.15\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"xorg-x11-server-sdk-7.2-30.15\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server / xorg-x11-server-sdk\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3920"], "description": "USN-537-1 
fixed vulnerabilities in gnome-screensaver. The fixes were \nincomplete, and only reduced the scope of the vulnerability, without \nfully solving it. This update fixes related problems in compiz.\n\nOriginal advisory details:\n\nJens Askengren discovered that gnome-screensaver became confused when \nrunning under Compiz, and could lose keyboard lock focus. A local attacker \ncould exploit this to bypass the user's locked screen saver.", "edition": 5, "modified": "2007-11-02T00:00:00", "published": "2007-11-02T00:00:00", "id": "USN-537-2", "href": "https://ubuntu.com/security/notices/USN-537-2", "title": "Compiz vulnerability", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:28:18", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3920"], "description": "Jens Askengren discovered that gnome-screensaver became confused when \nrunning under Compiz, and could lose keyboard lock focus. A local \nattacker could exploit this to bypass the user's locked screen saver.", "edition": 5, "modified": "2007-10-23T00:00:00", "published": "2007-10-23T00:00:00", "id": "USN-537-1", "href": "https://ubuntu.com/security/notices/USN-537-1", "title": "gnome-screensaver vulnerability", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3069", "CVE-2007-3920"], "description": "X.Org X11 X server ", "modified": "2008-01-24T21:49:41", "published": "2008-01-24T21:49:41", "id": "FEDORA:M0OLNAMJ021525", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-40.fc8", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2007-3069", "CVE-2007-3920"], "description": "X.Org X11 X server ", "modified": "2008-01-24T21:58:23", "published": "2008-01-24T21:58:23", "id": 
"FEDORA:M0OLW5GW022177", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-16.fc7", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:39:30", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2362", "CVE-2008-1379", "CVE-2008-1377", "CVE-2007-3920", "CVE-2008-2361", "CVE-2008-2360"], "description": "Multiple vulnerabilities in the X.org X Server were reported by iDefense and fixed: - CVE-2008-2360 - RENDER Extension heap buffer overflow - CVE-2008-2361 - RENDER Extension crash - CVE-2008-2362 - RENDER Extension memory corruption - CVE-2008-1379 - MIT-SHM arbitrary memory read - CVE-2008-1377 - RECORD and Security extensions memory corruption\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2008-06-13T15:29:54", "published": "2008-06-13T15:29:54", "id": "SUSE-SA:2008:027", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html", "title": "local code execution in xorg-x11,XFree86", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}