Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20190806_XORG_ON_SL7_X.NASLHistoryAug 27, 2019 - 12:00 a.m.
Scientific Linux Security Update : Xorg on SL7.x x86_64 (20190806)
2019-08-2700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0.052
Percentile
93.0%
Security Fix(es) :
-
libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)
-
libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)
-
libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)
-
libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)
-
libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)
-
libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)
-
libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)
-
libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)
-
libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)
-
libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)
-
libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)
-
libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)
-
libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('compat.inc');
if (description)
{
script_id(128206);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/01");
script_cve_id(
"CVE-2018-14598",
"CVE-2018-14599",
"CVE-2018-14600",
"CVE-2018-15853",
"CVE-2018-15854",
"CVE-2018-15855",
"CVE-2018-15856",
"CVE-2018-15857",
"CVE-2018-15859",
"CVE-2018-15861",
"CVE-2018-15862",
"CVE-2018-15863",
"CVE-2018-15864"
);
script_name(english:"Scientific Linux Security Update : Xorg on SL7.x x86_64 (20190806)");
script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"Security Fix(es) :
- libX11: Crash on invalid reply in XListExtensions in
ListExt.c (CVE-2018-14598)
- libX11: Off-by-one error in XListExtensions in ListExt.c
(CVE-2018-14599)
- libX11: Out of Bounds write in XListExtensions in
ListExt.c (CVE-2018-14600)
- libxkbcommon: Invalid free in ExprAppendMultiKeysymList
resulting in a crash (CVE-2018-15857)
- libxkbcommon: Endless recursion in xkbcomp/expr.c
resulting in a crash (CVE-2018-15853)
- libxkbcommon: NULL pointer dereference resulting in a
crash (CVE-2018-15854)
- libxkbcommon: NULL pointer dereference when handling
xkb_geometry (CVE-2018-15855)
- libxkbcommon: Infinite loop when reaching EOL
unexpectedly resulting in a crash (CVE-2018-15856)
- libxkbcommon: NULL pointer dereference when parsing
invalid atoms in ExprResolveLhs resulting in a crash
(CVE-2018-15859)
- libxkbcommon: NULL pointer dereference in ExprResolveLhs
resulting in a crash (CVE-2018-15861)
- libxkbcommon: NULL pointer dereference in LookupModMask
resulting in a crash (CVE-2018-15862)
- libxkbcommon: NULL pointer dereference in
ResolveStateAndPredicate resulting in a crash
(CVE-2018-15863)
- libxkbcommon: NULL pointer dereference in resolve_keysym
resulting in a crash (CVE-2018-15864)");
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=31662
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?174243fc");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14600");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/24");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:gdm-pam-extensions-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libX11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libX11-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libX11-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libX11-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxkbcommon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxkbcommon-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxkbcommon-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxkbcommon-x11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxkbcommon-x11-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mesa-libGLw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mesa-libGLw-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:mesa-libGLw-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-ati");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-ati-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-vesa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-vesa-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-wacom");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-wacom-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-drv-wacom-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xdmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xephyr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xnest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xorg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xvfb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-Xwayland");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:xorg-x11-server-source");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Scientific Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-3.28.2-16.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-debuginfo-3.28.2-16.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-devel-3.28.2-16.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"gdm-pam-extensions-devel-3.28.2-16.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libX11-1.6.7-2.el7")) flag++;
if (rpm_check(release:"SL7", reference:"libX11-common-1.6.7-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libX11-common-1.6.7-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libX11-debuginfo-1.6.7-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libX11-devel-1.6.7-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libxkbcommon-0.7.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libxkbcommon-debuginfo-0.7.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libxkbcommon-devel-0.7.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libxkbcommon-x11-0.7.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libxkbcommon-x11-devel-0.7.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mesa-libGLw-8.0.0-5.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mesa-libGLw-debuginfo-8.0.0-5.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"mesa-libGLw-devel-8.0.0-5.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-ati-19.0.1-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-ati-debuginfo-19.0.1-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-vesa-2.4.0-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-vesa-debuginfo-2.4.0-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-wacom-0.36.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-wacom-debuginfo-0.36.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-drv-wacom-devel-0.36.1-3.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-Xdmx-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-Xephyr-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-Xnest-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-Xorg-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-Xvfb-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-Xwayland-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-common-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-debuginfo-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-devel-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", reference:"xorg-x11-server-source-1.20.4-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"xorg-x11-server-source-1.20.4-7.el7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdm / gdm-debuginfo / gdm-devel / gdm-pam-extensions-devel / libX11 / etc");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14598
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15854
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15855
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15856
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864
www.nessus.org/u?174243fc
Related
amazon
amazon
Medium: xorg-x11-server
2020-06-03 18:21:00
Medium: libX11
2019-06-11 23:17:00
nessus
nessus
Amazon Linux 2 : xorg-x11-server (ALAS-2020-1433)
2020-06-04 00:00:00
RHEL 7 : Xorg (RHSA-2019:2079)
2019-08-12 00:00:00
redhat
redhat
(RHSA-2019:2079) Moderate: Xorg security and bug fix update
2019-08-06 07:58:40
centos
centos
gdm, libX11, libxkbcommon, xorg security update
2019-08-30 02:52:02
openvas
openvas
CentOS: Security Advisory for xorg-x11-drv-ati (CESA-2019:2079)
2021-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:0037-1)
2024-01-08 00:00:00
Mageia: Security Advisory (MGASA-2018-0369)
2022-01-28 00:00:00
oraclelinux
oraclelinux
Xorg security and bug fix update
2019-08-13 00:00:00
suse
suse
Security update for libxkbcommon (low)
2018-11-17 00:15:49
Security update for libX11 (moderate)
2018-10-05 12:07:58
Security update for libX11 (important)
2018-08-31 12:07:54
ubuntu
ubuntu
libxkbcommon vulnerabilities
2018-10-08 00:00:00
libxkbcommon vulnerabilities
2018-11-06 00:00:00
libx11 vulnerabilities
2018-08-30 00:00:00
cloudfoundry
cloudfoundry
USN-3786-1: libxkbcommon vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
USN-3758-1: libx11 vulnerabilities | Cloud Foundry
2018-09-27 00:00:00
gentoo
gentoo
xkbcommon: Multiple vulnerabilities
2018-10-30 00:00:00
X.Org X11 library: Multiple vulnerabilities
2018-11-09 00:00:00
mageia
mageia
Updated libxkbcommon packages fix security vulnerabilities
2018-09-07 13:15:03
Updated libx11 packages fix security vulnerabilities
2018-09-21 02:17:55
ibm
ibm
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in xorg-x11-libX11 (CVE-2018-14598 CVE-2018-14599 CVE-2018-14600)
2023-12-07 22:45:02
slackware
slackware
[slackware-security] libX11
2018-08-21 20:09:53
freebsd
freebsd
libX11 -- Multiple vulnerabilities
2018-08-21 00:00:00
debian
debian
[SECURITY] [DLA 1482-1] libx11 security update
2018-08-29 22:17:50
osv
osv
libx11 - security update
2018-08-29 00:00:00
libX11-6-1.7.2-1.2 on GA media
2024-06-15 00:00:00
CVE-2018-15856
2018-08-25 21:29:01
fedora
fedora
[SECURITY] Fedora 28 Update: libX11-1.6.7-1.fc28
2019-04-30 01:41:08
[SECURITY] Fedora 28 Update: libxkbcommon-0.8.2-1.fc28
2018-08-30 04:58:45
[SECURITY] Fedora 27 Update: libxkbcommon-0.8.2-1.fc27
2018-09-29 23:57:09
veracode
veracode
Denial Of Service (DoS)
2019-08-08 00:07:45
Denial Of Service (DoS)
2019-08-08 00:07:45
Denial Of Service (DoS)
2019-08-08 00:07:45
ubuntucve
ubuntucve
redhatcve
redhatcve
debiancve
debiancve
alpinelinux
alpinelinux
cve
cve
nvd
nvd
prion
prion
Design/Logic Flaw
2018-08-25 21:29:00
Information disclosure
2018-08-25 21:29:00
Null pointer dereference
2018-08-25 21:29:00
cvelist
cvelist
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0.052
Percentile
93.0%
Related for SL_20190806_XORG_ON_SL7_X.NASL