ID REDHAT-RHSA-2012-0303.NASL Type nessus Reporter Tenable Modified 2018-11-26T00:00:00
Description
Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)
Red Hat would like to thank the researcher with the nickname vladz for reporting this issue.
This update also fixes the following bugs :
In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.
(BZ#596899)
Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)
On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)
On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)
Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)
Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)
Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)
When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.
This bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)
When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.
Note that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)
Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)
All users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0303. The text
# itself is copyright (C) Red Hat, Inc.
#
include("compat.inc");
if (description)
{
script_id(58057);
script_version ("1.17");
script_cvs_date("Date: 2018/11/26 11:02:15");
script_cve_id("CVE-2011-4028");
script_bugtraq_id(50193);
script_xref(name:"RHSA", value:"2012:0303");
script_name(english:"RHEL 5 : xorg-x11-server (RHSA-2012:0303)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated xorg-x11-server packages that fix one security issue and
various bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.
X.Org is an open source implementation of the X Window System. It
provides the basic low-level functionality that full-fledged graphical
user interfaces are designed upon.
A flaw was found in the way the X.Org server handled lock files. A
local user with access to the system console could use this flaw to
determine the existence of a file in a directory not accessible to the
user, via a symbolic link attack. (CVE-2011-4028)
Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.
This update also fixes the following bugs :
* In rare cases, if the front and back buffer of the
miDbePositionWindow() function were not both allocated in video
memory, or were both allocated in system memory, the X Window System
sometimes terminated unexpectedly. A patch has been provided to
address this issue and X no longer crashes in the described scenario.
(BZ#596899)
* Previously, when the miSetShape() function called the
miRegionDestroy() function with a NULL region, X terminated
unexpectedly if the backing store was enabled. Now, X no longer
crashes in the described scenario. (BZ#676270)
* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A
patch has been provided to address this issue and the mouse cursor no
longer becomes stuck in the described scenario. (BZ#529717)
* On certain workstations with a dual-head graphics adapter using the
r500 driver in Zaphod mode, the mouse pointer was confined to one
monitor screen and could not move to the other screen. A patch has
been provided to address this issue and the mouse cursor works
properly across both screens. (BZ#559964)
* Due to a double free operation, Xvfb (X virtual framebuffer)
terminated unexpectedly with a segmentation fault randomly when the
last client disconnected, that is when the server reset. This bug has
been fixed in the miDCCloseScreen() function and Xvfb no longer
crashes. (BZ#674741)
* Starting the Xephyr server on an AMD64 or Intel 64 architecture with
an integrated graphics adapter caused the server to terminate
unexpectedly. This bug has been fixed in the code and Xephyr no longer
crashes in the described scenario. (BZ#454409)
* Previously, when a client made a request bigger than 1/4th of the
limit advertised in the BigRequestsEnable reply, the X server closed
the connection unexpectedly. With this update, the maxBigRequestSize
variable has been added to the code to check the size of client
requests, thus fixing this bug. (BZ#555000)
* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly.
This bug has been fixed in the xf86Xinerama module and the X server no
longer crashes in the described scenario. (BZ#588346)
* When installing Red Hat Enterprise Linux 5 on an IBM eServer System
p blade server, the installer did not set the correct mode on the
built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical
installer took a very long time to appear and then was displayed
incorrectly. A patch has been provided to address this issue and the
graphical installer now works as expected in the described scenario.
Note that this fix requires the Red Hat Enterprise Linux 5.8 kernel
update. (BZ#740497)
* Lines longer than 46,340 pixels can be drawn with one of the
coordinates being negative. However, for dashed lines, the
miPolyBuildPoly() function overflowed the 'int' type when setting up
edges for a section of a dashed line. Consequently, dashed segments
were not drawn at all. An upstream patch has been applied to address
this issue and dashed lines are now drawn correctly. (BZ#649810)
All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server
instances must be restarted for this update to take effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2011-4028"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2012:0303"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2012:0303";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-Xdmx-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-Xdmx-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-Xephyr-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"xorg-x11-server-Xephyr-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-Xephyr-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-Xnest-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"xorg-x11-server-Xnest-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-Xnest-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-Xorg-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-Xorg-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-Xvfb-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"xorg-x11-server-Xvfb-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-Xvfb-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-debuginfo-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"xorg-x11-server-debuginfo-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-debuginfo-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"xorg-x11-server-sdk-1.1.1-48.90.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"xorg-x11-server-sdk-1.1.1-48.90.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc");
}
}
{"id": "REDHAT-RHSA-2012-0303.NASL", "bulletinFamily": "scanner", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "published": "2012-02-21T00:00:00", "modified": "2018-11-26T00:00:00", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "reporter": "Tenable", "references": ["https://access.redhat.com/security/cve/cve-2011-4028", "https://access.redhat.com/errata/RHSA-2012:0303"], "cvelist": ["CVE-2011-4028"], "type": "nessus", "lastseen": "2019-02-21T01:16:07", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 1, "hash": "17e00ea18c3adbd7c7cf80a565a6e233504bff7fbb7f812a62737bea443e11a4", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "d4d064cfe0e4042b38911306aeefc42e", "key": "modified"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "034f63a11165ecf1aa4002f3414ead9f", "key": "references"}, {"hash": "99c7f36ec60bb7fb75cd4ed34c040711", "key": "sourceData"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2016-09-26T17:24:17", "modified": "2016-05-13T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0303.html", "https://www.redhat.com/security/data/cve/CVE-2011-4028.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"$Revision: 1.13 $\");\n script_cvs_date(\"$Date: 2016/05/13 15:17:28 $\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_osvdb_id(76668);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0303.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:24:17"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.", "edition": 9, "enchantments": {"dependencies": {"modified": "2019-01-16T20:13:14", "references": [{"idList": ["OPENVAS:1361412562310120267", "OPENVAS:850266", "OPENVAS:136141256231070617", "OPENVAS:70782", "OPENVAS:870775", "OPENVAS:1361412562310870548", "OPENVAS:1361412562310870775", "OPENVAS:1361412562310123960", "OPENVAS:870548", "OPENVAS:881153"], "type": "openvas"}, {"idList": ["GLSA-201110-19"], "type": "gentoo"}, {"idList": ["ELSA-2012-0939", "ELSA-2012-0303"], "type": "oraclelinux"}, {"idList": ["SECURITYVULNS:VULN:11984", "SECURITYVULNS:DOC:27170"], "type": "securityvulns"}, {"idList": ["CVE-2011-4028"], "type": "cve"}, {"idList": ["ALAS-2012-104"], "type": "amazon"}, {"idList": ["CESA-2012:0939"], "type": "centos"}, {"idList": ["8441957C-F9B4-11E0-A78A-BCAEC565249C"], "type": "freebsd"}, {"idList": ["ORACLELINUX_ELSA-2012-0939.NASL", "REDHAT-RHSA-2012-0939.NASL", "CENTOS_RHSA-2012-0939.NASL", "ALA_ALAS-2012-104.NASL", "SL_20120221_XORG_X11_SERVER_ON_SL5_X.NASL", "SL_20120620_XORG_X11_SERVER_ON_SL6_X.NASL", "SUSE_11_3_XORG-X11-XVNC-111201.NASL", "FREEBSD_PKG_8441957CF9B411E0A78ABCAEC565249C.NASL", "ORACLELINUX_ELSA-2012-0303.NASL", "GENTOO_GLSA-201110-19.NASL"], "type": "nessus"}, {"idList": ["RHSA-2012:0303", "RHSA-2012:0939"], "type": "redhat"}, {"idList": ["SUSE-SU-2011:1292-1", "OPENSUSE-SU-2012:0227-1"], "type": "suse"}, {"idList": ["USN-1232-3", "USN-1232-1", "USN-1232-2"], "type": "ubuntu"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "f2496e88b8afac0d72ea3d7846101716281eaaeaaeb80c773dec98975525b2d1", "hashmap": [{"hash": "fc096e0dc13abdc68980eb8de0bfe6bd", "key": "references"}, {"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "37895c7745e0413899322068f48d4b29", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "11adcfef0c4ad5230059a01cdd38d503", "key": "modified"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "4a3fbc701612e997ad62189a0fd4ed8e", "key": "description"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2019-01-16T20:13:14", "modified": "2018-11-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2011-4028", "https://access.redhat.com/errata/RHSA-2012:0303"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0303\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 9, "lastseen": "2019-01-16T20:13:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "12be13c00ca2b96516d2c6dd68822dfee0fe8e991aedba54af4f69d4189e8420", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "8825cfcc6a68eb22807158b2fdce98f8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "034f63a11165ecf1aa4002f3414ead9f", "key": "references"}, {"hash": "a06519dc02a16aa9eaf9b8066566d2c5", "key": "sourceData"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2018-08-30T19:37:14", "modified": "2018-07-25T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0303.html", "https://www.redhat.com/security/data/cve/CVE-2011-4028.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0303.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:37:14"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 2, "enchantments": {}, "hash": "548379473f826e5a00fee48acc78ee57bda02eff9e28f19657aa07f32c8306eb", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "df931f30c8bcbd4092ed57c29608d713", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "034f63a11165ecf1aa4002f3414ead9f", "key": "references"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2017-01-06T02:14:44", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.2", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0303.html", "https://www.redhat.com/security/data/cve/CVE-2011-4028.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:04:21 $\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_osvdb_id(76668);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0303.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2017-01-06T02:14:44"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "cedd62f07627940ea275edc647fe54611e6f8933f537ad85bf29d34adcf2ac15", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "8825cfcc6a68eb22807158b2fdce98f8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "034f63a11165ecf1aa4002f3414ead9f", "key": "references"}, {"hash": "a06519dc02a16aa9eaf9b8066566d2c5", "key": "sourceData"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2018-09-01T23:43:00", "modified": "2018-07-25T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0303.html", "https://www.redhat.com/security/data/cve/CVE-2011-4028.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0303.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 6, "lastseen": "2018-09-01T23:43:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "cedd62f07627940ea275edc647fe54611e6f8933f537ad85bf29d34adcf2ac15", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "8825cfcc6a68eb22807158b2fdce98f8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "034f63a11165ecf1aa4002f3414ead9f", "key": "references"}, {"hash": "a06519dc02a16aa9eaf9b8066566d2c5", "key": "sourceData"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2018-07-30T13:49:50", "modified": "2018-07-25T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0303.html", "https://www.redhat.com/security/data/cve/CVE-2011-4028.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/25 18:58:06\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0303.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-30T13:49:50"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 8, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "96d67ca662ebf7d03ca2e65dadd9a8a15f14088c606cb060ac2c704a7371376a", "hashmap": [{"hash": "fc096e0dc13abdc68980eb8de0bfe6bd", "key": "references"}, {"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "37895c7745e0413899322068f48d4b29", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "11adcfef0c4ad5230059a01cdd38d503", "key": "modified"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2018-11-27T05:19:24", "modified": "2018-11-26T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["https://access.redhat.com/security/cve/cve-2011-4028", "https://access.redhat.com/errata/RHSA-2012:0303"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0303\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 3}, "differentElements": ["description"], "edition": 8, "lastseen": "2018-11-27T05:19:24"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "86044d96730197e5ca734c52898463e8f24db40e3d4a880f28d4a3e6908e790c", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "369eb856f7dc4cfd31b9acc3c0811267", "key": "modified"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "df931f30c8bcbd4092ed57c29608d713", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "034f63a11165ecf1aa4002f3414ead9f", "key": "references"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2017-10-29T13:37:05", "modified": "2017-01-05T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["http://rhn.redhat.com/errata/RHSA-2012-0303.html", "https://www.redhat.com/security/data/cve/CVE-2011-4028.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2017/01/05 16:04:21 $\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_osvdb_id(76668);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2012-0303.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2017-10-29T13:37:05"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "cvelist": ["CVE-2011-4028"], "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "29b6870ca9eb45e15469775a6e1abf9cc597ce4e582eaebcd7729173c438ccd0", "hashmap": [{"hash": "b7bce24511082681a1a7eadc2f048e4b", "key": "title"}, {"hash": "44b14696a5a43c1eaa2d1f4484bdea37", "key": "cpe"}, {"hash": "47233cada37e3377ce5d1a88a09a20ee", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "02343277c4ce1753f944e04e412f3e43", "key": "cvss"}, {"hash": "30bd48e17de549e3bd046bca29da59c5", "key": "sourceData"}, {"hash": "f6625669c9ca8057391dcd4315946436", "key": "references"}, {"hash": "950c8e1607e21d5daae40d6e035c0d04", "key": "href"}, {"hash": "00e17e22c15d5193a98a6bca1c24c1a3", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "b46559ea68ec9a13474c3a7776817cfd", "key": "naslFamily"}, {"hash": "ec8847a9581fc9363493d64902f0c7be", "key": "cvelist"}, {"hash": "64a24d7addd059730b11d3f2438d02b7", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=58057", "id": "REDHAT-RHSA-2012-0303.NASL", "lastseen": "2018-11-13T16:51:36", "modified": "2018-11-10T00:00:00", "naslFamily": "Red Hat Local Security Checks", "objectVersion": "1.3", "pluginID": "58057", "published": "2012-02-21T00:00:00", "references": ["https://www.redhat.com/security/data/cve/CVE-2011-4028.html", "https://access.redhat.com/errata/RHSA-2012:0303"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/10 11:49:51\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0303\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "title": "RHEL 5 : xorg-x11-server (RHSA-2012:0303)", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 7, "lastseen": "2018-11-13T16:51:36"}], "edition": 10, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "44b14696a5a43c1eaa2d1f4484bdea37"}, {"key": "cvelist", "hash": "ec8847a9581fc9363493d64902f0c7be"}, {"key": "cvss", "hash": "02343277c4ce1753f944e04e412f3e43"}, {"key": "description", "hash": "00e17e22c15d5193a98a6bca1c24c1a3"}, {"key": "href", "hash": "950c8e1607e21d5daae40d6e035c0d04"}, {"key": "modified", "hash": "11adcfef0c4ad5230059a01cdd38d503"}, {"key": "naslFamily", "hash": "b46559ea68ec9a13474c3a7776817cfd"}, {"key": "pluginID", "hash": "47233cada37e3377ce5d1a88a09a20ee"}, {"key": "published", "hash": "64a24d7addd059730b11d3f2438d02b7"}, {"key": "references", "hash": "fc096e0dc13abdc68980eb8de0bfe6bd"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "37895c7745e0413899322068f48d4b29"}, {"key": "title", "hash": "b7bce24511082681a1a7eadc2f048e4b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "96d67ca662ebf7d03ca2e65dadd9a8a15f14088c606cb060ac2c704a7371376a", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4028"]}, {"type": "redhat", "idList": ["RHSA-2012:0303", "RHSA-2012:0939"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310870548", "OPENVAS:1361412562310123960", "OPENVAS:870548", "OPENVAS:136141256231070782", "OPENVAS:1361412562310123878", "OPENVAS:881153", "OPENVAS:70782", "OPENVAS:1361412562310870775", "OPENVAS:70617", "OPENVAS:1361412562310850266"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2012-0303.NASL", "SL_20120221_XORG_X11_SERVER_ON_SL5_X.NASL", "SUSE_11_3_XORG-X11-XVNC-111201.NASL", "FREEBSD_PKG_8441957CF9B411E0A78ABCAEC565249C.NASL", "REDHAT-RHSA-2012-0939.NASL", "ALA_ALAS-2012-104.NASL", "SL_20120620_XORG_X11_SERVER_ON_SL6_X.NASL", "CENTOS_RHSA-2012-0939.NASL", "SOLARIS11_XORG_20120417.NASL", "GENTOO_GLSA-201110-19.NASL"]}, {"type": "centos", "idList": ["CESA-2012:0939"]}, {"type": "suse", "idList": ["SUSE-SU-2011:1292-1", "OPENSUSE-SU-2012:0227-1"]}, {"type": "freebsd", "idList": ["8441957C-F9B4-11E0-A78A-BCAEC565249C"]}, {"type": "gentoo", "idList": ["GLSA-201110-19"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0939", "ELSA-2012-0303"]}, {"type": "amazon", "idList": ["ALAS-2012-104"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11984", "SECURITYVULNS:DOC:27170"]}, {"type": "ubuntu", "idList": ["USN-1232-3", "USN-1232-1", "USN-1232-2"]}], "modified": "2019-02-21T01:16:07"}, "score": {"value": 4.0, "vector": "NONE", "modified": "2019-02-21T01:16:07"}, "vulnersScore": 4.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0303. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58057);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/11/26 11:02:15\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"RHEL 5 : xorg-x11-server (RHSA-2012:0303)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-4028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0303\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0303\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "58057", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvnc-source", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xephyr", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xorg", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-debuginfo", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xnest", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xvfb", "p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-Xdmx"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:11:24", "bulletinFamily": "NVD", "description": "The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.", "modified": "2012-07-17T04:00:00", "id": "CVE-2011-4028", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4028", "published": "2012-07-03T19:55:00", "title": "CVE-2011-4028", "type": "cve", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2018-01-06T13:07:14", "bulletinFamily": "scanner", "description": "Check for the Version of xorg-x11-server", "modified": "2018-01-05T00:00:00", "published": "2012-02-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870548", "id": "OPENVAS:870548", "title": "RedHat Update for xorg-x11-server RHSA-2012:0303-03", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11-server RHSA-2012:0303-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"X.Org is an open source implementation of the X Window System. It provides\n the basic low-level functionality that full-fledged graphical user\n interfaces are designed upon.\n\n A flaw was found in the way the X.Org server handled lock files. A local\n user with access to the system console could use this flaw to determine the\n existence of a file in a directory not accessible to the user, via a\n symbolic link attack. (CVE-2011-4028)\n\n Red Hat would like to thank the researcher with the nickname vladz for\n reporting this issue.\n\n This update also fixes the following bugs:\n\n * In rare cases, if the front and back buffer of the miDbePositionWindow()\n function were not both allocated in video memory, or were both allocated in\n system memory, the X Window System sometimes terminated unexpectedly. A\n patch has been provided to address this issue and X no longer crashes in\n the described scenario. (BZ#596899)\n\n * Previously, when the miSetShape() function called the miRegionDestroy()\n function with a NULL region, X terminated unexpectedly if the backing store\n was enabled. Now, X no longer crashes in the described scenario.\n (BZ#676270)\n\n * On certain workstations running in 32-bit mode, the X11 mouse cursor\n occasionally became stuck near the left edge of the X11 screen. A patch has\n been provided to address this issue and the mouse cursor no longer becomes\n stuck in the described scenario. (BZ#529717)\n\n * On certain workstations with a dual-head graphics adapter using the r500\n driver in Zaphod mode, the mouse pointer was confined to one monitor screen\n and could not move to the other screen. A patch has been provided to\n address this issue and the mouse cursor works properly across both screens.\n (BZ#559964)\n\n * Due to a double free operation, Xvfb (X virtual framebuffer) terminated\n unexpectedly with a segmentation fault randomly when the last client\n disconnected, that is when the server reset. This bug has been fixed in the\n miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n * Starting the Xephyr server on an AMD64 or Intel 64 architecture with an\n integrated graphics adapter caused the server to terminate unexpectedly.\n This bug has been fixed in the code and Xephyr no longer crashes in the\n described scenario. (BZ#454409)\n\n * Previously, when a client made a request bigger than 1/4th of the limit\n advertised in the BigRequestsEnable reply, the X server closed the\n connection unexpectedly. With this update, the maxBigRequestSize variable\n has been added to the code to check the size ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"xorg-x11-server on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00057.html\");\n script_id(870548);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:14 +0530 (Tue, 21 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"1.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4028\");\n script_xref(name: \"RHSA\", value: \"2012:0303-03\");\n script_name(\"RedHat Update for xorg-x11-server RHSA-2012:0303-03\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvnc-source\", rpm:\"xorg-x11-server-Xvnc-source~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310870548", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870548", "title": "RedHat Update for xorg-x11-server RHSA-2012:0303-03", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11-server RHSA-2012:0303-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00057.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870548\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:14 +0530 (Tue, 21 Feb 2012)\");\n script_tag(name:\"cvss_base\", value:\"1.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4028\");\n script_xref(name:\"RHSA\", value:\"2012:0303-03\");\n script_name(\"RedHat Update for xorg-x11-server RHSA-2012:0303-03\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xorg-x11-server'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"xorg-x11-server on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"X.Org is an open source implementation of the X Window System. It provides\n the basic low-level functionality that full-fledged graphical user\n interfaces are designed upon.\n\n A flaw was found in the way the X.Org server handled lock files. A local\n user with access to the system console could use this flaw to determine the\n existence of a file in a directory not accessible to the user, via a\n symbolic link attack. (CVE-2011-4028)\n\n Red Hat would like to thank the researcher with the nickname vladz for\n reporting this issue.\n\n This update also fixes the following bugs:\n\n * In rare cases, if the front and back buffer of the miDbePositionWindow()\n function were not both allocated in video memory, or were both allocated in\n system memory, the X Window System sometimes terminated unexpectedly. A\n patch has been provided to address this issue and X no longer crashes in\n the described scenario. (BZ#596899)\n\n * Previously, when the miSetShape() function called the miRegionDestroy()\n function with a NULL region, X terminated unexpectedly if the backing store\n was enabled. Now, X no longer crashes in the described scenario.\n (BZ#676270)\n\n * On certain workstations running in 32-bit mode, the X11 mouse cursor\n occasionally became stuck near the left edge of the X11 screen. A patch has\n been provided to address this issue and the mouse cursor no longer becomes\n stuck in the described scenario. (BZ#529717)\n\n * On certain workstations with a dual-head graphics adapter using the r500\n driver in Zaphod mode, the mouse pointer was confined to one monitor screen\n and could not move to the other screen. A patch has been provided to\n address this issue and the mouse cursor works properly across both screens.\n (BZ#559964)\n\n * Due to a double free operation, Xvfb (X virtual framebuffer) terminated\n unexpectedly with a segmentation fault randomly when the last client\n disconnected, that is when the server reset. This bug has been fixed in the\n miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n * Starting the Xephyr server on an AMD64 or Intel 64 architecture with an\n integrated graphics adapter caused the server to terminate unexpectedly.\n This bug has been fixed in the code and Xephyr no longer crashes in the\n described scenario. (BZ#454409)\n\n * Previously, when a client made a request bigger than 1/4th of the limit\n advertised in the BigRequestsEnable reply, the X server closed the\n connection unexpectedly. With this update, the maxBigRequestSize variable\n has been added to the code to check the size ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvnc-source\", rpm:\"xorg-x11-server-Xvnc-source~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.1.1~48.90.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:36", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0303", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123960", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123960", "title": "Oracle Linux Local Check: ELSA-2012-0303", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0303.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123960\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:51 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0303\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0303 - xorg-x11-server security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0303\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0303.html\");\n script_cve_id(\"CVE-2011-4028\");\n script_tag(name:\"cvss_base\", value:\"1.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvnc-source\", rpm:\"xorg-x11-server-Xvnc-source~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~1.1.1~48.90.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-11T11:06:09", "bulletinFamily": "scanner", "description": "Check for the Version of xorg-x11-server", "modified": "2018-01-09T00:00:00", "published": "2012-06-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870775", "id": "OPENVAS:870775", "title": "RedHat Update for xorg-x11-server RHSA-2012:0939-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xorg-x11-server RHSA-2012:0939-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"X.Org is an open source implementation of the X Window System. It provides\n the basic low-level functionality that full-fledged graphical user\n interfaces are designed upon.\n\n A flaw was found in the way the X.Org server handled lock files. A local\n user with access to the system console could use this flaw to determine the\n existence of a file in a directory not accessible to the user, via a\n symbolic link attack. (CVE-2011-4028)\n\n A race condition was found in the way the X.Org server managed temporary\n lock files. A local attacker could use this flaw to perform a symbolic link\n attack, allowing them to make an arbitrary file world readable, leading to\n the disclosure of sensitive information. (CVE-2011-4029)\n\n Red Hat would like to thank the researcher with the nickname vladz for\n reporting these issues.\n\n This update also fixes the following bugs:\n\n * Prior to this update, the KDE Display Manager (KDM) could pass invalid\n 24bpp pixmap formats to the X server. As a consequence, the X server could\n unexpectedly abort. This update modifies the underlying code to pass the\n correct formats. (BZ#651934, BZ#722860)\n \n * Prior to this update, absolute input devices, like the stylus of a\n graphic tablet, could become unresponsive in the right-most or bottom-most\n screen if the X server was configured as a multi-screen setup through\n multiple "Device" sections in the xorg.conf file. This update changes the\n screen crossing behavior so that absolute devices are always mapped across\n all screens. (BZ#732467)\n \n * Prior to this update, the misleading message "Session active, not\n inhibited, screen idle. If you see this test, your display server is broken\n and you should notify your distributor." could be displayed after resuming\n the system or re-enabling the display, and included a URL to an external\n web page. This update removes this message. (BZ#748704)\n \n * Prior to this update, the erroneous input handling code of the Xephyr\n server disabled screens on a screen crossing event. The focus was only on\n the screen where the mouse was located and only this screen was updated\n when the Xephyr nested X server was configured in a multi-screen setup.\n This update removes this code and Xephyr now correctly updates screens in\n multi-screen setups. (BZ#757792)\n \n * Prior to this update, raw events did not contain relative axis values. As\n a consequence, clients which relied on relative values for functioning did\n ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"xorg-x11-server on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-June/msg00036.html\");\n script_id(870775);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:26:29 +0530 (Fri, 22 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_xref(name: \"RHSA\", value: \"2012:0939-04\");\n script_name(\"RedHat Update for xorg-x11-server RHSA-2012:0939-04\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.10.6~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.10.6~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.10.6~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-debuginfo\", rpm:\"xorg-x11-server-debuginfo~1.10.6~1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:53", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120267", "title": "Amazon Linux Local Check: ALAS-2012-104", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2012-104.nasl 6578 2017-07-06 13:44:33Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120267\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:21:58 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2012-104\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028 )A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029 )\");\n script_tag(name:\"solution\", value:\"Run yum update xorg-x11-server to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2012-104.html\");\n script_cve_id(\"CVE-2011-4029\", \"CVE-2011-4028\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.10.6~1.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.10.6~1.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.10.6~1.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.10.6~1.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.10.6~1.12.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:42", "bulletinFamily": "scanner", "description": "Check for the Version of xorg-x11-server", "modified": "2017-12-26T00:00:00", "published": "2012-08-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850266", "id": "OPENVAS:850266", "title": "SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0227_1.nasl 8245 2017-12-26 06:29:59Z teissa $\n#\n# SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The X server had two security issues and one bug that is\n fixed by this update.\n\n CVE-2011-4028: It is possible for a local attacker to\n deduce if a file exists or not by exploiting the way that\n Xorg creates its lock files.\n\n CVE-2011-4029: It is possible for a non-root local user to\n set the read permission for all users on any file or\n directory.\";\n\ntag_affected = \"xorg-x11-server on openSUSE 11.3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850266);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 23:08:35 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0227_1\");\n script_name(\"SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881153", "title": "CentOS Update for xorg-x11-server-common CESA-2012:0939 centos6", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xorg-x11-server-common CESA-2012:0939 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2012-July/018722.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881153\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:24:06 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"CESA\", value:\"2012:0939\");\n script_name(\"CentOS Update for xorg-x11-server-common CESA-2012:0939 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xorg-x11-server-common'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"xorg-x11-server-common on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"X.Org is an open source implementation of the X Window System. It provides\n the basic low-level functionality that full-fledged graphical user\n interfaces are designed upon.\n\n A flaw was found in the way the X.Org server handled lock files. A local\n user with access to the system console could use this flaw to determine the\n existence of a file in a directory not accessible to the user, via a\n symbolic link attack. (CVE-2011-4028)\n\n A race condition was found in the way the X.Org server managed temporary\n lock files. A local attacker could use this flaw to perform a symbolic link\n attack, allowing them to make an arbitrary file world readable, leading to\n the disclosure of sensitive information. (CVE-2011-4029)\n\n Red Hat would like to thank the researcher with the nickname vladz for\n reporting these issues.\n\n This update also fixes the following bugs:\n\n * Prior to this update, the KDE Display Manager (KDM) could pass invalid\n 24bpp pixmap formats to the X server. As a consequence, the X server could\n unexpectedly abort. This update modifies the underlying code to pass the\n correct formats. (BZ#651934, BZ#722860)\n\n * Prior to this update, absolute input devices, like the stylus of a\n graphic tablet, could become unresponsive in the right-most or bottom-most\n screen if the X server was configured as a multi-screen setup through\n multiple 'Device' sections in the xorg.conf file. This update changes the\n screen crossing behavior so that absolute devices are always mapped across\n all screens. (BZ#732467)\n\n * Prior to this update, the misleading message 'Session active, not\n inhibited, screen idle. If you see this test, your display server is broken\n and you should notify your distributor.' could be displayed after resuming\n the system or re-enabling the display, and included a URL to an external\n web page. This update removes this message. (BZ#748704)\n\n * Prior to this update, the erroneous input handling code of the Xephyr\n server disabled screens on a screen crossing event. The focus was only on\n the screen where the mouse was located and only this screen was updated\n when the Xephyr nested X server was configured in a multi-screen setup.\n This update removes this code and Xephyr now correctly updates screens in\n multi-screen setups. (BZ#757792)\n\n * Prior to this update, raw events did not contain relative axis values. As\n a consequence, clients which relied on relative values for functioning did\n not behave as expected. This update sets the values to the original driver\n values instead of the already transf ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-common\", rpm:\"xorg-x11-server-common~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-devel\", rpm:\"xorg-x11-server-devel~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-source\", rpm:\"xorg-x11-server-source~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xdmx\", rpm:\"xorg-x11-server-Xdmx~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xephyr\", rpm:\"xorg-x11-server-Xephyr~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xnest\", rpm:\"xorg-x11-server-Xnest~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xorg\", rpm:\"xorg-x11-server-Xorg~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-Xvfb\", rpm:\"xorg-x11-server-Xvfb~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.10.6~1.el6.centos\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:10:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-11T00:00:00", "published": "2012-02-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70617", "id": "OPENVAS:70617", "title": "FreeBSD Ports: xorg-server", "type": "openvas", "sourceData": "#\n#VID 8441957c-f9b4-11e0-a78a-bcaec565249c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 8441957c-f9b4-11e0-a78a-bcaec565249c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xorg-server\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70617);\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 11:02:04 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_version(\"$Revision: 5931 $\");\n script_name(\"FreeBSD Ports: xorg-server\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xorg-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.7_3\")<0) {\n txt += 'Package xorg-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-02T00:00:00", "id": "OPENVAS:1361412562310850266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850266", "title": "SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0227_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850266\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-02 23:08:35 +0530 (Thu, 02 Aug 2012)\");\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0227_1\");\n script_name(\"SuSE Update for xorg-x11-server openSUSE-SU-2012:0227-1 (xorg-x11-server)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xorg-x11-server'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE11\\.3\");\n script_tag(name:\"affected\", value:\"xorg-x11-server on openSUSE 11.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The X server had two security issues and one bug that is\n fixed by this update.\n\n CVE-2011-4028: It is possible for a local attacker to\n deduce if a file exists or not by exploiting the way that\n Xorg creates its lock files.\n\n CVE-2011-4029: It is possible for a non-root local user to\n set the read permission for all users on any file or\n directory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.5_1.8.0~10.15.2\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-02-13T00:00:00", "id": "OPENVAS:136141256231070617", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070617", "title": "FreeBSD Ports: xorg-server", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_xorg-server2.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 8441957c-f9b4-11e0-a78a-bcaec565249c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70617\");\n script_tag(name:\"creation_date\", value:\"2012-02-13 01:48:16 +0100 (Mon, 13 Feb 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_version(\"$Revision: 11762 $\");\n script_name(\"FreeBSD Ports: xorg-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: xorg-server\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"xorg-server\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.7_3\")<0) {\n txt += 'Package xorg-server version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2019-02-21T01:17:22", "bulletinFamily": "scanner", "description": "X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nThis update also fixes the following bugs :\n\n - In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n\n - Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario.\n\n - On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario.\n\n - On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens.\n\n - Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes.\n\n - Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario.\n\n - Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly.\n With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug.\n\n - When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly. This bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario.\n\n - When installing Scientific Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse).\n Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario. Note that this fix requires the Scientific Linux 5.8 kernel update.\n\n - Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly.\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "modified": "2018-12-31T00:00:00", "id": "SL_20120221_XORG_X11_SERVER_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61274", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61274);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-4028\");\n\n script_name(english:\"Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"X.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nThis update also fixes the following bugs :\n\n - In rare cases, if the front and back buffer of the\n miDbePositionWindow() function were not both allocated\n in video memory, or were both allocated in system\n memory, the X Window System sometimes terminated\n unexpectedly. A patch has been provided to address this\n issue and X no longer crashes in the described scenario.\n\n - Previously, when the miSetShape() function called the\n miRegionDestroy() function with a NULL region, X\n terminated unexpectedly if the backing store was\n enabled. Now, X no longer crashes in the described\n scenario.\n\n - On certain workstations running in 32-bit mode, the X11\n mouse cursor occasionally became stuck near the left\n edge of the X11 screen. A patch has been provided to\n address this issue and the mouse cursor no longer\n becomes stuck in the described scenario.\n\n - On certain workstations with a dual-head graphics\n adapter using the r500 driver in Zaphod mode, the mouse\n pointer was confined to one monitor screen and could not\n move to the other screen. A patch has been provided to\n address this issue and the mouse cursor works properly\n across both screens.\n\n - Due to a double free operation, Xvfb (X virtual\n framebuffer) terminated unexpectedly with a segmentation\n fault randomly when the last client disconnected, that\n is when the server reset. This bug has been fixed in the\n miDCCloseScreen() function and Xvfb no longer crashes.\n\n - Starting the Xephyr server on an AMD64 or Intel 64\n architecture with an integrated graphics adapter caused\n the server to terminate unexpectedly. This bug has been\n fixed in the code and Xephyr no longer crashes in the\n described scenario.\n\n - Previously, when a client made a request bigger than\n 1/4th of the limit advertised in the BigRequestsEnable\n reply, the X server closed the connection unexpectedly.\n With this update, the maxBigRequestSize variable has\n been added to the code to check the size of client\n requests, thus fixing this bug.\n\n - When an X client running on a big-endian system called\n the XineramaQueryScreens() function, the X server\n terminated unexpectedly. This bug has been fixed in the\n xf86Xinerama module and the X server no longer crashes\n in the described scenario.\n\n - When installing Scientific Linux 5 on an IBM eServer\n System p blade server, the installer did not set the\n correct mode on the built-in KVM (Keyboard-Video-Mouse).\n Consequently, the graphical installer took a very long\n time to appear and then was displayed incorrectly. A\n patch has been provided to address this issue and the\n graphical installer now works as expected in the\n described scenario. Note that this fix requires the\n Scientific Linux 5.8 kernel update.\n\n - Lines longer than 46,340 pixels can be drawn with one of\n the coordinates being negative. However, for dashed\n lines, the miPolyBuildPoly() function overflowed the\n 'int' type when setting up edges for a section of a\n dashed line. Consequently, dashed segments were not\n drawn at all. An upstream patch has been applied to\n address this issue and dashed lines are now drawn\n correctly.\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=2653\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eceff98c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-debuginfo-1.1.1-48.90.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:19:34", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0303 :\n\nUpdated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow() function were not both allocated in video memory, or were both allocated in system memory, the X Window System sometimes terminated unexpectedly. A patch has been provided to address this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy() function with a NULL region, X terminated unexpectedly if the backing store was enabled. Now, X no longer crashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor occasionally became stuck near the left edge of the X11 screen. A patch has been provided to address this issue and the mouse cursor no longer becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500 driver in Zaphod mode, the mouse pointer was confined to one monitor screen and could not move to the other screen. A patch has been provided to address this issue and the mouse cursor works properly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated unexpectedly with a segmentation fault randomly when the last client disconnected, that is when the server reset. This bug has been fixed in the miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an integrated graphics adapter caused the server to terminate unexpectedly. This bug has been fixed in the code and Xephyr no longer crashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit advertised in the BigRequestsEnable reply, the X server closed the connection unexpectedly. With this update, the maxBigRequestSize variable has been added to the code to check the size of client requests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the XineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no longer crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p blade server, the installer did not set the correct mode on the built-in KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a very long time to appear and then was displayed incorrectly. A patch has been provided to address this issue and the graphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates being negative. However, for dashed lines, the miPolyBuildPoly() function overflowed the 'int' type when setting up edges for a section of a dashed line. Consequently, dashed segments were not drawn at all. An upstream patch has been applied to address this issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0303.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68474", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : xorg-x11-server (ELSA-2012-0303)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0303 and \n# Oracle Linux Security Advisory ELSA-2012-0303 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68474);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-4028\");\n script_bugtraq_id(50193);\n script_xref(name:\"RHSA\", value:\"2012:0303\");\n\n script_name(english:\"Oracle Linux 5 : xorg-x11-server (ELSA-2012-0303)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0303 :\n\nUpdated xorg-x11-server packages that fix one security issue and\nvarious bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs :\n\n* In rare cases, if the front and back buffer of the\nmiDbePositionWindow() function were not both allocated in video\nmemory, or were both allocated in system memory, the X Window System\nsometimes terminated unexpectedly. A patch has been provided to\naddress this issue and X no longer crashes in the described scenario.\n(BZ#596899)\n\n* Previously, when the miSetShape() function called the\nmiRegionDestroy() function with a NULL region, X terminated\nunexpectedly if the backing store was enabled. Now, X no longer\ncrashes in the described scenario. (BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A\npatch has been provided to address this issue and the mouse cursor no\nlonger becomes stuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the\nr500 driver in Zaphod mode, the mouse pointer was confined to one\nmonitor screen and could not move to the other screen. A patch has\nbeen provided to address this issue and the mouse cursor works\nproperly across both screens. (BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer)\nterminated unexpectedly with a segmentation fault randomly when the\nlast client disconnected, that is when the server reset. This bug has\nbeen fixed in the miDCCloseScreen() function and Xvfb no longer\ncrashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with\nan integrated graphics adapter caused the server to terminate\nunexpectedly. This bug has been fixed in the code and Xephyr no longer\ncrashes in the described scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the\nlimit advertised in the BigRequestsEnable reply, the X server closed\nthe connection unexpectedly. With this update, the maxBigRequestSize\nvariable has been added to the code to check the size of client\nrequests, thus fixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly.\nThis bug has been fixed in the xf86Xinerama module and the X server no\nlonger crashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System\np blade server, the installer did not set the correct mode on the\nbuilt-in KVM (Keyboard-Video-Mouse). Consequently, the graphical\ninstaller took a very long time to appear and then was displayed\nincorrectly. A patch has been provided to address this issue and the\ngraphical installer now works as expected in the described scenario.\nNote that this fix requires the Red Hat Enterprise Linux 5.8 kernel\nupdate. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the\ncoordinates being negative. However, for dashed lines, the\nmiPolyBuildPoly() function overflowed the 'int' type when setting up\nedges for a section of a dashed line. Consequently, dashed segments\nwere not drawn at all. An upstream patch has been applied to address\nthis issue and dashed lines are now drawn correctly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002654.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvnc-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xdmx-1.1.1-48.90.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xephyr-1.1.1-48.90.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xnest-1.1.1-48.90.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xorg-1.1.1-48.90.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xvfb-1.1.1-48.90.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-Xvnc-source-1.1.1-48.90.0.1.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"xorg-x11-server-sdk-1.1.1-48.90.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 1.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:19:37", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0939 :\n\nUpdated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.\n(CVE-2011-4029)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860)\n\n* Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple 'Device' sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467)\n\n* Prior to this update, the misleading message 'Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor.' could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message.\n(BZ#748704)\n\n* Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792)\n\n* Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values.\nNow, raw events contain relative axis values as expected. (BZ#805377)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2012-0939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68561", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : xorg-x11-server (ELSA-2012-0939)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0939 and \n# Oracle Linux Security Advisory ELSA-2012-0939 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68561);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_bugtraq_id(50193, 50196);\n script_xref(name:\"RHSA\", value:\"2012:0939\");\n\n script_name(english:\"Oracle Linux 6 : xorg-x11-server (ELSA-2012-0939)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0939 :\n\nUpdated xorg-x11-server packages that fix two security issues and\nseveral bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed\ntemporary lock files. A local attacker could use this flaw to perform\na symbolic link attack, allowing them to make an arbitrary file world\nreadable, leading to the disclosure of sensitive information.\n(CVE-2011-4029)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting these issues.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, the KDE Display Manager (KDM) could pass\ninvalid 24bpp pixmap formats to the X server. As a consequence, the X\nserver could unexpectedly abort. This update modifies the underlying\ncode to pass the correct formats. (BZ#651934, BZ#722860)\n\n* Prior to this update, absolute input devices, like the stylus of a\ngraphic tablet, could become unresponsive in the right-most or\nbottom-most screen if the X server was configured as a multi-screen\nsetup through multiple 'Device' sections in the xorg.conf file. This\nupdate changes the screen crossing behavior so that absolute devices\nare always mapped across all screens. (BZ#732467)\n\n* Prior to this update, the misleading message 'Session active, not\ninhibited, screen idle. If you see this test, your display server is\nbroken and you should notify your distributor.' could be displayed\nafter resuming the system or re-enabling the display, and included a\nURL to an external web page. This update removes this message.\n(BZ#748704)\n\n* Prior to this update, the erroneous input handling code of the\nXephyr server disabled screens on a screen crossing event. The focus\nwas only on the screen where the mouse was located and only this\nscreen was updated when the Xephyr nested X server was configured in a\nmulti-screen setup. This update removes this code and Xephyr now\ncorrectly updates screens in multi-screen setups. (BZ#757792)\n\n* Prior to this update, raw events did not contain relative axis\nvalues. As a consequence, clients which relied on relative values for\nfunctioning did not behave as expected. This update sets the values to\nthe original driver values instead of the already transformed values.\nNow, raw events contain relative axis values as expected. (BZ#805377)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-July/002912.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xdmx-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xephyr-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xnest-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xorg-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-Xvfb-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-common-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-devel-1.10.6-1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"xorg-x11-server-source-1.10.6-1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xdmx / xorg-x11-server-Xephyr / etc\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:32", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201110-19 (X.Org X Server: Multiple vulnerabilities)\n\n vladz reported the following vulnerabilities in the X.Org X server:\n The X.Org X server follows symbolic links when trying to access the lock file for a X display, showing a predictable behavior depending on the file type of the link target (CVE-2011-4028).\n The X.Org X server lock file mechanism allows for a race condition to cause the X server to modify the file permissions of an arbitrary file to 0444 (CVE-2011-4029).\n Impact :\n\n A local attacker could exploit these vulnerabilities to disclose information by making arbitrary files on a system world-readable or gain information whether a specified file exists on the system and whether it is a file, directory, or a named pipe.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-201110-19.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56594", "published": "2011-10-24T00:00:00", "title": "GLSA-201110-19 : X.Org X Server: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201110-19.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56594);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_xref(name:\"GLSA\", value:\"201110-19\");\n\n script_name(english:\"GLSA-201110-19 : X.Org X Server: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201110-19\n(X.Org X Server: Multiple vulnerabilities)\n\n vladz reported the following vulnerabilities in the X.Org X server:\n The X.Org X server follows symbolic links when trying to access the\n lock file for a X display, showing a predictable behavior depending on\n the file type of the link target (CVE-2011-4028).\n The X.Org X server lock file mechanism allows for a race condition to\n cause the X server to modify the file permissions of an arbitrary file\n to 0444 (CVE-2011-4029).\n \nImpact :\n\n A local attacker could exploit these vulnerabilities to disclose\n information by making arbitrary files on a system world-readable or gain\n information whether a specified file exists on the system and whether it\n is a file, directory, or a named pipe.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201110-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All X.Org X Server 1.9 users should upgrade to the latest 1.9 version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.9.5-r1'\n All X.Org X Server 1.10 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.10.4-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:xorg-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"x11-base/xorg-server\", unaffected:make_list(\"rge 1.9.5-r1\", \"ge 1.10.4-r1\"), vulnerable:make_list(\"lt 1.10.4-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"X.Org X Server\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:44", "bulletinFamily": "scanner", "description": "This update fixes two security issues with the X server :\n\n - A local attacker could find out if a file exists by exploiting the way that Xorg creates its lock files.\n (CVE-2011-4028)\n\n - A non-root local user could set the read permission for all users on any file or directory. (CVE-2011-4029)", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_XORG-X11-XVNC-111124.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57138", "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : xorg-x11-server (SAT Patch Number 5479)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57138);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:56:05 $\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n\n script_name(english:\"SuSE 11.1 Security Update : xorg-x11-server (SAT Patch Number 5479)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes two security issues with the X server :\n\n - A local attacker could find out if a file exists by\n exploiting the way that Xorg creates its lock files.\n (CVE-2011-4028)\n\n - A non-root local user could set the read permission for\n all users on any file or directory. (CVE-2011-4029)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4029.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5479.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xorg-x11-Xvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xorg-x11-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xorg-x11-server-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xorg-x11-Xvnc-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xorg-x11-server-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"xorg-x11-server-extra-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xorg-x11-Xvnc-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xorg-x11-server-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"xorg-x11-server-extra-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"xorg-x11-Xvnc-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"xorg-x11-server-7.4-27.40.52.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"xorg-x11-server-extra-7.4-27.40.52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:16:56", "bulletinFamily": "scanner", "description": "Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nX.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.\n(CVE-2011-4029)\n\nRed Hat would like to thank the researcher with the nickname vladz for reporting these issues.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, the KDE Display Manager (KDM) could pass invalid 24bpp pixmap formats to the X server. As a consequence, the X server could unexpectedly abort. This update modifies the underlying code to pass the correct formats. (BZ#651934, BZ#722860)\n\n* Prior to this update, absolute input devices, like the stylus of a graphic tablet, could become unresponsive in the right-most or bottom-most screen if the X server was configured as a multi-screen setup through multiple 'Device' sections in the xorg.conf file. This update changes the screen crossing behavior so that absolute devices are always mapped across all screens. (BZ#732467)\n\n* Prior to this update, the misleading message 'Session active, not inhibited, screen idle. If you see this test, your display server is broken and you should notify your distributor.' could be displayed after resuming the system or re-enabling the display, and included a URL to an external web page. This update removes this message.\n(BZ#748704)\n\n* Prior to this update, the erroneous input handling code of the Xephyr server disabled screens on a screen crossing event. The focus was only on the screen where the mouse was located and only this screen was updated when the Xephyr nested X server was configured in a multi-screen setup. This update removes this code and Xephyr now correctly updates screens in multi-screen setups. (BZ#757792)\n\n* Prior to this update, raw events did not contain relative axis values. As a consequence, clients which relied on relative values for functioning did not behave as expected. This update sets the values to the original driver values instead of the already transformed values.\nNow, raw events contain relative axis values as expected. (BZ#805377)\n\nAll users of xorg-x11-server are advised to upgrade to these updated packages, which correct these issues. All running X.Org server instances must be restarted for this update to take effect.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2012-0939.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59932", "published": "2012-07-11T00:00:00", "title": "CentOS 6 : xorg-x11-server (CESA-2012:0939)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0939 and \n# CentOS Errata and Security Advisory 2012:0939 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59932);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:30\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_bugtraq_id(50193, 50196);\n script_xref(name:\"RHSA\", value:\"2012:0939\");\n\n script_name(english:\"CentOS 6 : xorg-x11-server (CESA-2012:0939)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated xorg-x11-server packages that fix two security issues and\nseveral bugs are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nX.Org is an open source implementation of the X Window System. It\nprovides the basic low-level functionality that full-fledged graphical\nuser interfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed\ntemporary lock files. A local attacker could use this flaw to perform\na symbolic link attack, allowing them to make an arbitrary file world\nreadable, leading to the disclosure of sensitive information.\n(CVE-2011-4029)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting these issues.\n\nThis update also fixes the following bugs :\n\n* Prior to this update, the KDE Display Manager (KDM) could pass\ninvalid 24bpp pixmap formats to the X server. As a consequence, the X\nserver could unexpectedly abort. This update modifies the underlying\ncode to pass the correct formats. (BZ#651934, BZ#722860)\n\n* Prior to this update, absolute input devices, like the stylus of a\ngraphic tablet, could become unresponsive in the right-most or\nbottom-most screen if the X server was configured as a multi-screen\nsetup through multiple 'Device' sections in the xorg.conf file. This\nupdate changes the screen crossing behavior so that absolute devices\nare always mapped across all screens. (BZ#732467)\n\n* Prior to this update, the misleading message 'Session active, not\ninhibited, screen idle. If you see this test, your display server is\nbroken and you should notify your distributor.' could be displayed\nafter resuming the system or re-enabling the display, and included a\nURL to an external web page. This update removes this message.\n(BZ#748704)\n\n* Prior to this update, the erroneous input handling code of the\nXephyr server disabled screens on a screen crossing event. The focus\nwas only on the screen where the mouse was located and only this\nscreen was updated when the Xephyr nested X server was configured in a\nmulti-screen setup. This update removes this code and Xephyr now\ncorrectly updates screens in multi-screen setups. (BZ#757792)\n\n* Prior to this update, raw events did not contain relative axis\nvalues. As a consequence, clients which relied on relative values for\nfunctioning did not behave as expected. This update sets the values to\nthe original driver values instead of the already transformed values.\nNow, raw events contain relative axis values as expected. (BZ#805377)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server\ninstances must be restarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-July/018722.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c991279d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xorg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xdmx-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xephyr-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xnest-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xorg-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-Xvfb-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-common-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-devel-1.10.6-1.el6.centos\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"xorg-x11-server-source-1.10.6-1.el6.centos\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:23:18", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. (CVE-2011-4028)\n\n - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. (CVE-2011-4029)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_XORG_20120417.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80818", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80818);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - The LockServer function in os/utils.c in X.Org xserver\n before 1.11.2 allows local users to determine the\n existence of arbitrary files via a symlink attack on a\n temporary lock file, which is handled differently if the\n file exists. (CVE-2011-4028)\n\n - The LockServer function in os/utils.c in X.Org xserver\n before 1.11.2 allows local users to change the\n permissions of arbitrary files to 444, read those files,\n and possibly cause a denial of service (removed\n execution permission) via a symlink attack on a\n temporary lock file. (CVE-2011-4029)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-4028-information-disclosure-vulnerability-in-xorg\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37e2409e\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-4029-race-condition-vulnerability-in-xorg\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71efa4a9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 6.6.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:xorg\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^xorg$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.6.0.6.0\", sru:\"SRU 6.6\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : xorg\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_note(port:0, extra:error_extra);\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"xorg\");\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:21:48", "bulletinFamily": "scanner", "description": "The X server had two security issues and one bug that is fixed by this update.\n\nCVE-2011-4028: It is possible for a local attacker to deduce if a file exists or not by exploiting the way that Xorg creates its lock files.\n\nCVE-2011-4029: It is possible for a non-root local user to set the read permission for all users on any file or directory.", "modified": "2018-11-10T00:00:00", "id": "SUSE_11_3_XORG-X11-XVNC-111201.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75780", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2012:0227-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update xorg-x11-Xvnc-5490.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75780);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:49:59\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n\n script_name(english:\"openSUSE Security Update : xorg-x11-Xvnc (openSUSE-SU-2012:0227-1)\");\n script_summary(english:\"Check for the xorg-x11-Xvnc-5490 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The X server had two security issues and one bug that is fixed by this\nupdate.\n\nCVE-2011-4028: It is possible for a local attacker to deduce if a file\nexists or not by exploiting the way that Xorg creates its lock files.\n\nCVE-2011-4029: It is possible for a non-root local user to set the\nread permission for all users on any file or directory.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-02/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-Xvnc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-Xvnc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xorg-x11-server-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"xorg-x11-Xvnc-7.5_1.8.0-10.15.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"xorg-x11-server-7.5_1.8.0-10.15.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"xorg-x11-server-extra-7.5_1.8.0-10.15.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"xorg-x11-server-sdk-7.5_1.8.0-10.15.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:15:31", "bulletinFamily": "scanner", "description": "Matthieu Herrb reports :\n\nIt is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. This is caused by the fact that the X server is behaving differently if the lock file already exists as a symbolic link pointing to an existing or non-existing file.\n\nIt is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denies of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_8441957CF9B411E0A78ABCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56548", "published": "2011-10-19T00:00:00", "title": "FreeBSD : Xorg server -- two vulnerabilities in X server lock handling code (8441957c-f9b4-11e0-a78a-bcaec565249c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56548);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n\n script_name(english:\"FreeBSD : Xorg server -- two vulnerabilities in X server lock handling code (8441957c-f9b4-11e0-a78a-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Matthieu Herrb reports :\n\nIt is possible to deduce if a file exists or not by exploiting the way\nthat Xorg creates its lock files. This is caused by the fact that the\nX server is behaving differently if the lock file already exists as a\nsymbolic link pointing to an existing or non-existing file.\n\nIt is possible for a non-root user to set the permissions for all\nusers on any file or directory to 444, giving unwanted read access or\ncausing denies of service (by removing execute permission). This is\ncaused by a race between creating the lock file and setting its access\nmodes.\"\n );\n # https://vuxml.freebsd.org/freebsd/8441957c-f9b4-11e0-a78a-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c0099c5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xorg-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xorg-server<1.7.7_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:19:56", "bulletinFamily": "scanner", "description": "A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.\n(CVE-2011-4029)", "modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2012-104.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69594", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : xorg-x11-server (ALAS-2012-104)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-104.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69594);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-4028\", \"CVE-2011-4029\");\n script_xref(name:\"ALAS\", value:\"2012-104\");\n script_xref(name:\"RHSA\", value:\"2012:0939\");\n\n script_name(english:\"Amazon Linux AMI : xorg-x11-server (ALAS-2012-104)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way the X.Org server handled lock files. A\nlocal user with access to the system console could use this flaw to\ndetermine the existence of a file in a directory not accessible to the\nuser, via a symbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed\ntemporary lock files. A local attacker could use this flaw to perform\na symbolic link attack, allowing them to make an arbitrary file world\nreadable, leading to the disclosure of sensitive information.\n(CVE-2011-4029)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-104.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update xorg-x11-server' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-Xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:xorg-x11-server-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xephyr-1.10.6-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xnest-1.10.6-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-Xvfb-1.10.6-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-common-1.10.6-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-debuginfo-1.10.6-1.12.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"xorg-x11-server-source-1.10.6-1.12.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server-Xephyr / xorg-x11-server-Xnest / etc\");\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:19", "bulletinFamily": "unix", "description": "X.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local\nuser with access to the system console could use this flaw to determine the\nexistence of a file in a directory not accessible to the user, via a\nsymbolic link attack. (CVE-2011-4028)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting this issue.\n\nThis update also fixes the following bugs:\n\n* In rare cases, if the front and back buffer of the miDbePositionWindow()\nfunction were not both allocated in video memory, or were both allocated in\nsystem memory, the X Window System sometimes terminated unexpectedly. A\npatch has been provided to address this issue and X no longer crashes in\nthe described scenario. (BZ#596899)\n\n* Previously, when the miSetShape() function called the miRegionDestroy()\nfunction with a NULL region, X terminated unexpectedly if the backing store\nwas enabled. Now, X no longer crashes in the described scenario.\n(BZ#676270)\n\n* On certain workstations running in 32-bit mode, the X11 mouse cursor\noccasionally became stuck near the left edge of the X11 screen. A patch has\nbeen provided to address this issue and the mouse cursor no longer becomes\nstuck in the described scenario. (BZ#529717)\n\n* On certain workstations with a dual-head graphics adapter using the r500\ndriver in Zaphod mode, the mouse pointer was confined to one monitor screen\nand could not move to the other screen. A patch has been provided to\naddress this issue and the mouse cursor works properly across both screens.\n(BZ#559964)\n\n* Due to a double free operation, Xvfb (X virtual framebuffer) terminated\nunexpectedly with a segmentation fault randomly when the last client\ndisconnected, that is when the server reset. This bug has been fixed in the\nmiDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)\n\n* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an\nintegrated graphics adapter caused the server to terminate unexpectedly.\nThis bug has been fixed in the code and Xephyr no longer crashes in the\ndescribed scenario. (BZ#454409)\n\n* Previously, when a client made a request bigger than 1/4th of the limit\nadvertised in the BigRequestsEnable reply, the X server closed the\nconnection unexpectedly. With this update, the maxBigRequestSize variable\nhas been added to the code to check the size of client requests, thus\nfixing this bug. (BZ#555000)\n\n* When an X client running on a big-endian system called the\nXineramaQueryScreens() function, the X server terminated unexpectedly. This\nbug has been fixed in the xf86Xinerama module and the X server no longer\ncrashes in the described scenario. (BZ#588346)\n\n* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p\nblade server, the installer did not set the correct mode on the built-in\nKVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a\nvery long time to appear and then was displayed incorrectly. A patch has\nbeen provided to address this issue and the graphical installer now works\nas expected in the described scenario. Note that this fix requires the\nRed Hat Enterprise Linux 5.8 kernel update. (BZ#740497)\n\n* Lines longer than 46,340 pixels can be drawn with one of the coordinates\nbeing negative. However, for dashed lines, the miPolyBuildPoly() function\noverflowed the \"int\" type when setting up edges for a section of a dashed\nline. Consequently, dashed segments were not drawn at all. An upstream\npatch has been applied to address this issue and dashed lines are now drawn\ncorrectly. (BZ#649810)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server instances\nmust be restarted for this update to take effect.\n", "modified": "2017-09-08T11:54:54", "published": "2012-02-21T05:00:00", "id": "RHSA-2012:0303", "href": "https://access.redhat.com/errata/RHSA-2012:0303", "type": "redhat", "title": "(RHSA-2012:0303) Low: xorg-x11-server security and bug fix update", "cvss": {"score": 1.2, "vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:44:55", "bulletinFamily": "unix", "description": "X.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local\nuser with access to the system console could use this flaw to determine the\nexistence of a file in a directory not accessible to the user, via a\nsymbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed temporary\nlock files. A local attacker could use this flaw to perform a symbolic link\nattack, allowing them to make an arbitrary file world readable, leading to\nthe disclosure of sensitive information. (CVE-2011-4029)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting these issues.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the KDE Display Manager (KDM) could pass invalid\n24bpp pixmap formats to the X server. As a consequence, the X server could\nunexpectedly abort. This update modifies the underlying code to pass the\ncorrect formats. (BZ#651934, BZ#722860)\n\n* Prior to this update, absolute input devices, like the stylus of a\ngraphic tablet, could become unresponsive in the right-most or bottom-most\nscreen if the X server was configured as a multi-screen setup through\nmultiple \"Device\" sections in the xorg.conf file. This update changes the\nscreen crossing behavior so that absolute devices are always mapped across\nall screens. (BZ#732467)\n\n* Prior to this update, the misleading message \"Session active, not\ninhibited, screen idle. If you see this test, your display server is broken\nand you should notify your distributor.\" could be displayed after resuming\nthe system or re-enabling the display, and included a URL to an external\nweb page. This update removes this message. (BZ#748704)\n\n* Prior to this update, the erroneous input handling code of the Xephyr\nserver disabled screens on a screen crossing event. The focus was only on\nthe screen where the mouse was located and only this screen was updated\nwhen the Xephyr nested X server was configured in a multi-screen setup.\nThis update removes this code and Xephyr now correctly updates screens in\nmulti-screen setups. (BZ#757792)\n\n* Prior to this update, raw events did not contain relative axis values. As\na consequence, clients which relied on relative values for functioning did\nnot behave as expected. This update sets the values to the original driver\nvalues instead of the already transformed values. Now, raw events contain\nrelative axis values as expected. (BZ#805377)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server instances\nmust be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:25", "published": "2012-06-20T04:00:00", "id": "RHSA-2012:0939", "href": "https://access.redhat.com/errata/RHSA-2012:0939", "type": "redhat", "title": "(RHSA-2012:0939) Low: xorg-x11-server security and bug fix update", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2019-05-29T17:22:47", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. ([CVE-2011-4028 __](<https://access.redhat.com/security/cve/CVE-2011-4028>))\n\nA race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. ([CVE-2011-4029 __](<https://access.redhat.com/security/cve/CVE-2011-4029>))\n\n \n**Affected Packages:** \n\n\nxorg-x11-server\n\n \n**Issue Correction:** \nRun _yum update xorg-x11-server_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n xorg-x11-server-common-1.10.6-1.12.amzn1.i686 \n xorg-x11-server-Xvfb-1.10.6-1.12.amzn1.i686 \n xorg-x11-server-Xephyr-1.10.6-1.12.amzn1.i686 \n xorg-x11-server-Xnest-1.10.6-1.12.amzn1.i686 \n xorg-x11-server-debuginfo-1.10.6-1.12.amzn1.i686 \n \n noarch: \n xorg-x11-server-source-1.10.6-1.12.amzn1.noarch \n \n src: \n xorg-x11-server-1.10.6-1.12.amzn1.src \n \n x86_64: \n xorg-x11-server-debuginfo-1.10.6-1.12.amzn1.x86_64 \n xorg-x11-server-Xephyr-1.10.6-1.12.amzn1.x86_64 \n xorg-x11-server-Xnest-1.10.6-1.12.amzn1.x86_64 \n xorg-x11-server-Xvfb-1.10.6-1.12.amzn1.x86_64 \n xorg-x11-server-common-1.10.6-1.12.amzn1.x86_64 \n \n \n", "modified": "2014-09-14T16:44:00", "published": "2014-09-14T16:44:00", "id": "ALAS-2012-104", "href": "https://alas.aws.amazon.com/ALAS-2012-104.html", "title": "Low: xorg-x11-server", "type": "amazon", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:23:22", "bulletinFamily": "unix", "description": "The X server had two security issues and one bug that is\n fixed by this update.\n\n CVE-2011-4028: It is possible for a local attacker to\n deduce if a file exists or not by exploiting the way that\n Xorg creates its lock files.\n\n CVE-2011-4029: It is possible for a non-root local user to\n set the read permission for all users on any file or\n directory.\n\n", "modified": "2012-02-09T19:10:34", "published": "2012-02-09T19:10:34", "id": "OPENSUSE-SU-2012:0227-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00008.html", "title": "xorg-x11-server (important)", "type": "suse", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-04T11:32:37", "bulletinFamily": "unix", "description": "This update fixes two security issues with the X server:\n\n * A local attacker could find out if a file exists by\n exploiting the way that Xorg creates its lock files.\n (CVE-2011-4028\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4028\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4028</a>\n > )\n * A non-root local user could set the read permission\n for all users on any file or directory. (CVE-2011-4029\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4029\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4029</a>\n > )\n", "modified": "2011-12-02T08:08:16", "published": "2011-12-02T08:08:16", "id": "SUSE-SU-2011:1292-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00002.html", "type": "suse", "title": "Security update for xorg-x11-server (important)", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:21", "bulletinFamily": "unix", "description": "[1.10.6-1]\n- xserver 1.10.6\n- Use git-style patch names\n- compsize.h, glxcmds.h: Copy from upstream git since they fell out of the\n upstream tarball\n[1.10.4-15]\n- Undo regression introduced in Patch8007 (#732467)\n[1.10.4-14]\n- xserver-1.10.4-sync-revert.patch: Revert an edge-case change in IDLETIME\n that appears to be more wrong than right. (#748704)\n[1.10.4-13]\n- xserver-1.10.4-randr-corner-case.patch: Fix a corner case in initial\n mode selection. (#657580)\n- xserver-1.10.4-vbe-no-cache-ddc-support.patch: Only interpret complete\n non-support for DDC extension as 'DDC unavailable'. (#657580)\n[1.10.4-11]\n- xserver-1.10.4-dix-when-rescaling-from-master-rescale-from-desktop-.patch:\n fix rescaling from master to slave if the pointer (#732467)\n[1.10.4-10]\n- Add patches to change the screen crossing behaviour for multiple\n ScreenRecs (#732467)\n- remove the xorg.conf.man page from our .gitignore - we need to patch it\n now and its part of the upstream distribution\n[1.10.4-9]\n- xserver-1.10.4-no-24bpp-xaa-composite.patch: Disable Composite at 24bpp\n in XAA (#651934)\n[1.10.4-8]\n- xserver-1.10.4-fb-picture-crash.patch: Fix crash on invalid pictures (#722680)\n[1.10.4-7]\n- fix xephyr rendering when using two screens (#757792)", "modified": "2012-06-27T00:00:00", "published": "2012-06-27T00:00:00", "id": "ELSA-2012-0939", "href": "http://linux.oracle.com/errata/ELSA-2012-0939.html", "title": "xorg-x11-server security and bug fix update", "type": "oraclelinux", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:37", "bulletinFamily": "unix", "description": "[1.1.1-48.90.0.1.el5]\n- Added oracle-enterprise-detect.patch\n- Replaced 'Red Hat' in spec file\n[1.1.1-48.90]\n- cve-2011-4028.patch: File existence disclosure vulnerability.\n[1.1.1-48.88]\n- cve-2011-4818.patch: Multiple input sanitization flaws in Render and GLX\n- xorg-x11-server-1.1.0-mesa-copy-sub-buffer.patch: Likewise.\n[1.1.1-48.87]\n- xserver-1.1.1-fbdev-iterate-modes.patch: fix fbdev driver not iterating\n across all modes of a certain dimension (#740497)\n[1.1.1-48.86]\n- xserver-1.1.1-midc-double-free.patch: Don't double-free the picture for\n the root window when using the mi (software) cursor path. (#674741)\n[1.1.1-48.85]\n- xserver-1.1.1-bigreqs-buffer-size.patch: Fix BIG-REQUESTS buffer size\n (#555000)\n[1.1.1-48.84]\n- xserver-1.1.1-xinerama-crash.patch: Fix a crash in XineramaQueryScreens\n when client is swapped (#588346)\n[1.1.1-48.83]\n- xserver-1.1.1-xephyr-keymap.patch: Fix types in Xephyr keymap setup (#454409)\n[1.1.1-48.82]\n- xserver-1.1.1-wideline-overflow.patch: Fix integer overflow in wide line\n renderer (#649810)\n[1.1.1-48.81]\n- Fix mouse stuck on edge (#529717)\n[1.1.1-48.80]\n- xserver-1.1.1-bs-crash.patch: Fix a crash in backing store. (#676270)\n[1.1.1-48.79]\n- xserver-1.1.1-randr-fix-mouse-crossing.patch: fix zaphod mouse crossing (#559964)\n[1.1.1-48.78]\n- cve-2010-1166.patch: Fix broken modulo math in Render and arc code.\n Identical to xserver-1.1.1-mod-macro-parens.patch in 5.5.z. (#582651)\n[1.1.1-48.77]\n- xserver-1.1.1-dbe-validate-gc.patch: Validate the GC against both front\n and back buffers (#596899)", "modified": "2012-03-01T00:00:00", "published": "2012-03-01T00:00:00", "id": "ELSA-2012-0303", "href": "http://linux.oracle.com/errata/ELSA-2012-0303.html", "title": "xorg-x11-server security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:54", "bulletinFamily": "unix", "description": "### Background\n\nThe X Window System is a graphical windowing system based on a client/server model. \n\n### Description\n\nvladz reported the following vulnerabilities in the X.Org X server:\n\n * The X.Org X server follows symbolic links when trying to access the lock file for a X display, showing a predictable behavior depending on the file type of the link target (CVE-2011-4028). \n * The X.Org X server lock file mechanism allows for a race condition to cause the X server to modify the file permissions of an arbitrary file to 0444 (CVE-2011-4029). \n\n### Impact\n\nA local attacker could exploit these vulnerabilities to disclose information by making arbitrary files on a system world-readable or gain information whether a specified file exists on the system and whether it is a file, directory, or a named pipe. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll X.Org X Server 1.9 users should upgrade to the latest 1.9 version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-base/xorg-server-1.9.5-r1\"\n \n\nAll X.Org X Server 1.10 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-base/xorg-server-1.10.4-r1\"", "modified": "2011-10-22T00:00:00", "published": "2011-10-22T00:00:00", "id": "GLSA-201110-19", "href": "https://security.gentoo.org/glsa/201110-19", "type": "gentoo", "title": "X.Org X Server: Multiple vulnerabilities", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "unix", "description": "\nMatthieu Herrb reports:\n\nIt is possible to deduce if a file exists or not by exploiting\n\t the way that Xorg creates its lock files. This is caused by the\n\t fact that the X server is behaving differently if the lock file\n\t already exists as a symbolic link pointing to an existing or\n\t non-existing file.\nIt is possible for a non-root user to set the permissions for\n\t all users on any file or directory to 444, giving unwanted read\n\t access or causing denies of service (by removing execute\n\t permission). This is caused by a race between creating the lock\n\t file and setting its access modes.\n\n", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "8441957C-F9B4-11E0-A78A-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/8441957c-f9b4-11e0-a78a-bcaec565249c.html", "title": "Xorg server -- two vulnerabilities in X server lock handling code", "type": "freebsd", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-05-29T18:35:41", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0939\n\n\nX.Org is an open source implementation of the X Window System. It provides\nthe basic low-level functionality that full-fledged graphical user\ninterfaces are designed upon.\n\nA flaw was found in the way the X.Org server handled lock files. A local\nuser with access to the system console could use this flaw to determine the\nexistence of a file in a directory not accessible to the user, via a\nsymbolic link attack. (CVE-2011-4028)\n\nA race condition was found in the way the X.Org server managed temporary\nlock files. A local attacker could use this flaw to perform a symbolic link\nattack, allowing them to make an arbitrary file world readable, leading to\nthe disclosure of sensitive information. (CVE-2011-4029)\n\nRed Hat would like to thank the researcher with the nickname vladz for\nreporting these issues.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the KDE Display Manager (KDM) could pass invalid\n24bpp pixmap formats to the X server. As a consequence, the X server could\nunexpectedly abort. This update modifies the underlying code to pass the\ncorrect formats. (BZ#651934, BZ#722860)\n\n* Prior to this update, absolute input devices, like the stylus of a\ngraphic tablet, could become unresponsive in the right-most or bottom-most\nscreen if the X server was configured as a multi-screen setup through\nmultiple \"Device\" sections in the xorg.conf file. This update changes the\nscreen crossing behavior so that absolute devices are always mapped across\nall screens. (BZ#732467)\n\n* Prior to this update, the misleading message \"Session active, not\ninhibited, screen idle. If you see this test, your display server is broken\nand you should notify your distributor.\" could be displayed after resuming\nthe system or re-enabling the display, and included a URL to an external\nweb page. This update removes this message. (BZ#748704)\n\n* Prior to this update, the erroneous input handling code of the Xephyr\nserver disabled screens on a screen crossing event. The focus was only on\nthe screen where the mouse was located and only this screen was updated\nwhen the Xephyr nested X server was configured in a multi-screen setup.\nThis update removes this code and Xephyr now correctly updates screens in\nmulti-screen setups. (BZ#757792)\n\n* Prior to this update, raw events did not contain relative axis values. As\na consequence, clients which relied on relative values for functioning did\nnot behave as expected. This update sets the values to the original driver\nvalues instead of the already transformed values. Now, raw events contain\nrelative axis values as expected. (BZ#805377)\n\nAll users of xorg-x11-server are advised to upgrade to these updated\npackages, which correct these issues. All running X.Org server instances\nmust be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-July/018722.html\n\n**Affected packages:**\nxorg-x11-server\nxorg-x11-server-Xdmx\nxorg-x11-server-Xephyr\nxorg-x11-server-Xnest\nxorg-x11-server-Xorg\nxorg-x11-server-Xvfb\nxorg-x11-server-common\nxorg-x11-server-devel\nxorg-x11-server-source\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0939.html", "modified": "2012-07-10T13:26:54", "published": "2012-07-10T13:26:54", "href": "http://lists.centos.org/pipermail/centos-announce/2012-July/018722.html", "id": "CESA-2012:0939", "title": "xorg security update", "type": "centos", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:50", "bulletinFamily": "unix", "description": "USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support.\n\nThis update temporarily disables the fix for CVE-2010-4818 that introduced the regression.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818)\n\nIt was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819)\n\nVladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028)\n\nVladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029)", "modified": "2011-10-19T00:00:00", "published": "2011-10-19T00:00:00", "id": "USN-1232-2", "href": "https://usn.ubuntu.com/1232-2/", "title": "X.Org X server regression", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:23:26", "bulletinFamily": "unix", "description": "It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818)\n\nIt was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819)\n\nVladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028)\n\nVladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029)", "modified": "2011-10-18T00:00:00", "published": "2011-10-18T00:00:00", "id": "USN-1232-1", "href": "https://usn.ubuntu.com/1232-1/", "title": "X.Org X server vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:41", "bulletinFamily": "unix", "description": "USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. (CVE-2010-4818)\n\nIt was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-4819)\n\nVladz discovered that the X server incorrectly handled lock files. A local attacker could use this flaw to determine if a file existed or not. (CVE-2011-4028)\n\nVladz discovered that the X server incorrectly handled setting lock file permissions. A local attacker could use this flaw to gain read permissions on arbitrary files and view sensitive information. (CVE-2011-4029)", "modified": "2011-10-20T00:00:00", "published": "2011-10-20T00:00:00", "id": "USN-1232-3", "href": "https://usn.ubuntu.com/1232-3/", "title": "X.Org X server vulnerability", "type": "ubuntu", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Memory corruprions, insecure lock file creation.", "modified": "2011-10-20T00:00:00", "published": "2011-10-20T00:00:00", "id": "SECURITYVULNS:VULN:11984", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11984", "title": "X.Org multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1232-1\r\nOctober 18, 2011\r\n\r\nxorg-server vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nThe X server could be made to crash, run programs as an administrator, or\r\nread arbitrary files.\r\n\r\nSoftware Description:\r\n- xorg-server: X.Org X server\r\n\r\nDetails:\r\n\r\nIt was discovered that the X server incorrectly handled certain malformed\r\ninput. An authorized attacker could exploit this to cause the X server to\r\ncrash, leading to a denial or service, or possibly execute arbitrary code\r\nwith root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10.\r\n(CVE-2010-4818)\r\n\r\nIt was discovered that the X server incorrectly handled certain malformed\r\ninput. An authorized attacker could exploit this to cause the X server to\r\ncrash, leading to a denial or service, or possibly read arbitrary data from\r\nthe X server process. This issue only affected Ubuntu 10.04 LTS.\r\n(CVE-2010-4819)\r\n\r\nVladz discovered that the X server incorrectly handled lock files. A local\r\nattacker could use this flaw to determine if a file existed or not.\r\n(CVE-2011-4028)\r\n\r\nVladz discovered that the X server incorrectly handled setting lock file\r\npermissions. A local attacker could use this flaw to gain read permissions\r\non arbitrary files and view sensitive information. (CVE-2011-4029)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n xserver-xorg-core 2:1.10.4-1ubuntu4.1\r\n\r\nUbuntu 11.04:\r\n xserver-xorg-core 2:1.10.1-1ubuntu1.3\r\n\r\nUbuntu 10.10:\r\n xserver-xorg-core 2:1.9.0-0ubuntu7.5\r\n\r\nUbuntu 10.04 LTS:\r\n xserver-xorg-core 2:1.7.6-2ubuntu7.8\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1232-1\r\n CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.4-1ubuntu4.1\r\n https://launchpad.net/ubuntu/+source/xorg-server/2:1.10.1-1ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/xorg-server/2:1.9.0-0ubuntu7.5\r\n https://launchpad.net/ubuntu/+source/xorg-server/2:1.7.6-2ubuntu7.8\r\n", "modified": "2011-10-20T00:00:00", "published": "2011-10-20T00:00:00", "id": "SECURITYVULNS:DOC:27170", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27170", "title": "[USN-1232-1] X.Org X server vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
