{"id": "UBUNTU_USN-2211-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1)", "description": "Ilja van Sprundel discovered that libXfont incorrectly handled font\nmetadata file parsing. A local attacker could use this issue to cause\nlibXfont to crash, or possibly execute arbitrary code in order to gain\nprivileges. (CVE-2014-0209)\n\nIlja van Sprundel discovered that libXfont incorrectly handled X Font\nServer replies. A malicious font server could return specially crafted\ndata that could cause libXfont to crash, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS,\nUbuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2014-05-15T00:00:00", "modified": "2014-05-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/74022", "reporter": "Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/2211-1/"], "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "type": "nessus", "lastseen": "2020-09-23T18:53:58", "edition": 21, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K16118", "SOL16118"]}, {"type": "cve", "idList": ["CVE-2014-0211", "CVE-2014-0210", "CVE-2014-0209"]}, {"type": "openvas", "idList": ["OPENVAS:702927", "OPENVAS:1361412562310882085", "OPENVAS:1361412562310120495", "OPENVAS:1361412562310882086", "OPENVAS:1361412562310123241", "OPENVAS:1361412562310121214", "OPENVAS:1361412562310123247", "OPENVAS:1361412562310702927", "OPENVAS:1361412562310871295", "OPENVAS:1361412562310841825"]}, {"type": "freebsd", "idList": ["B060EE50-DABA-11E3-99F2-BCAEC565249C"]}, {"type": "centos", "idList": ["CESA-2014:1893", "CESA-2014:1870"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30744", "SECURITYVULNS:VULN:13772", "SECURITYVULNS:DOC:30726", "SECURITYVULNS:VULN:13868"]}, {"type": "ubuntu", "idList": ["USN-2211-1"]}, {"type": "amazon", "idList": ["ALAS-2014-404"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-391.NASL", "SOLARIS11_XORG_20141107_2.NASL", "MANDRIVA_MDVSA-2014-132.NASL", "SL_20141118_LIBXFONT_ON_SL6_X.NASL", "CENTOS_RHSA-2014-1893.NASL", "SL_20141124_LIBXFONT_ON_SL5_X.NASL", "REDHAT-RHSA-2014-1870.NASL", "ORACLELINUX_ELSA-2014-1893.NASL", "GENTOO_GLSA-201406-11.NASL", "SUSE_11_XORG-X11-DEVEL-140515.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1893", "ELSA-2014-1870"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2927-1:0278C"]}, {"type": "redhat", "idList": ["RHSA-2014:1893", "RHSA-2014:1870"]}, {"type": "gentoo", "idList": ["GLSA-201406-11"]}, {"type": "fedora", "idList": ["FEDORA:0E1E921DFE", "FEDORA:A13DB60C7030", "FEDORA:2F66C2216A", "FEDORA:593706093B2E", "FEDORA:A5A9D608A4BC"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2014-1972956"]}], "modified": "2020-09-23T18:53:58", "rev": 2}, "score": {"value": 7.3, "vector": "NONE", "modified": "2020-09-23T18:53:58", "rev": 2}, "vulnersScore": 7.3}, "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2211-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74022);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_bugtraq_id(67382);\n script_xref(name:\"USN\", value:\"2211-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : libxfont vulnerabilities (USN-2211-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ilja van Sprundel discovered that libXfont incorrectly handled font\nmetadata file parsing. A local attacker could use this issue to cause\nlibXfont to crash, or possibly execute arbitrary code in order to gain\nprivileges. (CVE-2014-0209)\n\nIlja van Sprundel discovered that libXfont incorrectly handled X Font\nServer replies. A malicious font server could return specially crafted\ndata that could cause libXfont to crash, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS,\nUbuntu 12.10 and Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2211-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxfont1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxfont1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libxfont1\", pkgver:\"1:1.4.1-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libxfont1\", pkgver:\"1:1.4.4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libxfont1\", pkgver:\"1:1.4.5-2ubuntu0.12.10.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libxfont1\", pkgver:\"1:1.4.6-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libxfont1\", pkgver:\"1:1.4.7-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxfont1\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "74022", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxfont1", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "scheme": null}

{"f5": [{"lastseen": "2017-10-12T02:11:03", "bulletinFamily": "software", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "edition": 1, "description": " \n\n\n[CVE-2014-0209](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0209>)\n\nMultiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.\n\n[CVE-2014-0210](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0210>)\n\nMultiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.\n\n[CVE-2014-0211](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0211>)\n\nMultiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.\n\nImpact \n\n\nA malicious X.org server may cause an X client to crash (CVE-2014-0210 and CVE-2014-0211), or possibly execute arbitrary code with the privileges of the X.org server (CVE-2014-0209, CVE-2014-0210, and CVE-2014-0211).\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n**ARX**\n\nTo mitigate this vulnerability, do not use X Windows environments when connecting to the ARX command line. \n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2016-01-09T02:19:00", "published": "2015-02-13T07:24:00", "href": "https://support.f5.com/csp/article/K16118", "id": "F5:K16118", "title": "libXfont vulnerabilities CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:24", "bulletinFamily": "software", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**ARX**\n\nTo mitigate this vulnerability, do not use X Windows environments when connecting to the ARX command line. \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2015-02-12T00:00:00", "published": "2015-02-12T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/100/sol16118.html", "id": "SOL16118", "title": "SOL16118 - libXfont vulnerabilities CVE-2014-0209, CVE-2014-0210 and CVE-2014-0211", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2020-12-09T19:58:19", "description": "Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.", "edition": 5, "cvss3": {}, "published": "2014-05-15T14:55:00", "title": "CVE-2014-0210", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0210"], "modified": "2018-10-09T19:38:00", "cpe": ["cpe:/a:x:libxfont:1.2.9", "cpe:/a:x:libxfont:1.3.4", "cpe:/a:x:libxfont:1.3.3", "cpe:/a:x:libxfont:1.4.3", "cpe:/a:x:libxfont:1.4.7", "cpe:/a:x:libxfont:1.4.99", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:x:libxfont:1.4.4", "cpe:/a:x:libxfont:1.2.3", "cpe:/a:x:libxfont:1.3.0", "cpe:/a:x:libxfont:1.2.8", "cpe:/a:x:libxfont:1.2.6", "cpe:/a:x:libxfont:1.2.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:x:libxfont:1.4.1", "cpe:/a:x:libxfont:1.4.5", "cpe:/a:x:libxfont:1.2.5", "cpe:/a:x:libxfont:1.3.2", "cpe:/a:x:libxfont:1.3.1", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:x:libxfont:1.4.0", "cpe:/a:x:libxfont:1.4.6", "cpe:/a:x:libxfont:1.2.7", "cpe:/a:x:libxfont:1.4.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-0210", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0210", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T19:58:19", "description": "Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.", "edition": 5, "cvss3": {}, "published": "2014-05-15T14:55:00", "title": "CVE-2014-0209", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0209"], "modified": "2018-10-09T19:38:00", "cpe": ["cpe:/a:x:libxfont:1.2.9", "cpe:/a:x:libxfont:1.3.4", "cpe:/a:x:libxfont:1.3.3", "cpe:/a:x:libxfont:1.4.3", "cpe:/a:x:libxfont:1.4.7", "cpe:/a:x:libxfont:1.4.99", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:x:libxfont:1.4.4", "cpe:/a:x:libxfont:1.2.3", "cpe:/a:x:libxfont:1.3.0", "cpe:/a:x:libxfont:1.2.8", "cpe:/a:x:libxfont:1.2.6", "cpe:/a:x:libxfont:1.2.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:x:libxfont:1.4.1", "cpe:/a:x:libxfont:1.4.5", "cpe:/a:x:libxfont:1.2.5", "cpe:/a:x:libxfont:1.3.2", "cpe:/a:x:libxfont:1.3.1", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:x:libxfont:1.4.0", "cpe:/a:x:libxfont:1.4.6", "cpe:/a:x:libxfont:1.2.7", "cpe:/a:x:libxfont:1.4.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-0209", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0209", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2020-12-09T19:58:19", "description": "Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.", "edition": 5, "cvss3": {}, "published": "2014-05-15T14:55:00", "title": "CVE-2014-0211", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0211"], "modified": "2018-10-09T19:38:00", "cpe": ["cpe:/a:x:libxfont:1.2.9", "cpe:/a:x:libxfont:1.3.4", "cpe:/a:x:libxfont:1.3.3", "cpe:/a:x:libxfont:1.4.3", "cpe:/a:x:libxfont:1.4.7", "cpe:/a:x:libxfont:1.4.99", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/a:x:libxfont:1.4.4", "cpe:/a:x:libxfont:1.2.3", "cpe:/a:x:libxfont:1.3.0", "cpe:/a:x:libxfont:1.2.8", "cpe:/a:x:libxfont:1.2.6", "cpe:/a:x:libxfont:1.2.4", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/a:x:libxfont:1.4.1", "cpe:/a:x:libxfont:1.4.5", "cpe:/a:x:libxfont:1.2.5", "cpe:/a:x:libxfont:1.3.2", "cpe:/a:x:libxfont:1.3.1", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:x:libxfont:1.4.0", "cpe:/a:x:libxfont:1.4.6", "cpe:/a:x:libxfont:1.2.7", "cpe:/a:x:libxfont:1.4.2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2014-0211", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0211", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:x:libxfont:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.4.99:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:x:libxfont:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:36:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Oracle Linux Local Security Checks ELSA-2014-1870", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123247", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1870", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1870.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123247\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:14 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1870\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1870 - libXfont security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1870\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1870.html\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.7~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.4.7~2.el7_0\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.5~4.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.4.5~4.el6_6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Check the version of libXfont", "modified": "2019-03-08T00:00:00", "published": "2014-11-19T00:00:00", "id": "OPENVAS:1361412562310882085", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882085", "type": "openvas", "title": "CentOS Update for libXfont CESA-2014:1870 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libXfont CESA-2014:1870 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882085\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-19 06:35:21 +0100 (Wed, 19 Nov 2014)\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for libXfont CESA-2014:1870 centos7\");\n\n script_tag(name:\"summary\", value:\"Check the version of libXfont\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libXfont packages provide the X.Org\nlibXfont runtime library. X.Org is an open source implementation of the X Window\nSystem.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"libXfont on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1870\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-November/020769.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.7~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.4.7~2.el7_0\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-05-19T00:00:00", "id": "OPENVAS:1361412562310841825", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841825", "type": "openvas", "title": "Ubuntu Update for libxfont USN-2211-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2211_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for libxfont USN-2211-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841825\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-19 11:24:57 +0530 (Mon, 19 May 2014)\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for libxfont USN-2211-1\");\n\n script_tag(name:\"affected\", value:\"libxfont on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Ilja van Sprundel discovered that libXfont incorrectly handled\nfont metadata file parsing. A local attacker could use this issue to cause\nlibXfont to crash, or possibly execute arbitrary code in order to gain\nprivileges. (CVE-2014-0209)\n\nIlja van Sprundel discovered that libXfont incorrectly handled X Font\nServer replies. A malicious font server could return specially-crafted data\nthat could cause libXfont to crash, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10\nand Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2211-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2211-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libxfont'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|10\\.04 LTS|13\\.10|12\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1:i386\", ver:\"1:1.4.7-1ubuntu0.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.4-1ubuntu0.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.1-1ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1:i386\", ver:\"1:1.4.6-1ubuntu0.2\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.5-2ubuntu0.12.10.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-28T10:49:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Ilja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges; or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.\n\nCVE-2014-0209 \nInteger overflow of allocations in font metadata file parsing could\nallow a local user who is already authenticated to the X server to\noverwrite other memory in the heap.\n\nCVE-2014-0210 \nlibxfont does not validate length fields when parsing xfs protocol\nreplies allowing to write past the bounds of allocated memory when\nstoring the returned data from the font server.\n\nCVE-2014-0211 \nInteger overflows calculating memory needs for xfs replies could\nresult in allocating too little memory and then writing the returned\ndata from the font server past the end of the allocated buffer.", "modified": "2017-07-13T00:00:00", "published": "2014-05-13T00:00:00", "id": "OPENVAS:702927", "href": "http://plugins.openvas.org/nasl.php?oid=702927", "type": "openvas", "title": "Debian Security Advisory DSA 2927-1 (libxfont - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2927.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 2927-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libxfont on Debian Linux\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.4.1-5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.4.5-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.4.7-2.\n\nWe recommend that you upgrade your libxfont packages.\";\ntag_summary = \"Ilja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges; or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.\n\nCVE-2014-0209 \nInteger overflow of allocations in font metadata file parsing could\nallow a local user who is already authenticated to the X server to\noverwrite other memory in the heap.\n\nCVE-2014-0210 \nlibxfont does not validate length fields when parsing xfs protocol\nreplies allowing to write past the bounds of allocated memory when\nstoring the returned data from the font server.\n\nCVE-2014-0211 \nInteger overflows calculating memory needs for xfs replies could\nresult in allocating too little memory and then writing the returned\ndata from the font server past the end of the allocated buffer.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702927);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_name(\"Debian Security Advisory DSA 2927-1 (libxfont - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-13 00:00:00 +0200 (Tue, 13 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2927.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.1-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.1-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.1-5\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.5-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.5-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.5-4\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.5-4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.5-4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.5-4\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.5-4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.5-4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.5-4\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.5-4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.5-4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.5-4\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-11-19T00:00:00", "id": "OPENVAS:1361412562310871295", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871295", "type": "openvas", "title": "RedHat Update for libXfont RHSA-2014:1870-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libXfont RHSA-2014:1870-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871295\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-19 06:34:48 +0100 (Wed, 19 Nov 2014)\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for libXfont RHSA-2014:1870-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libXfont'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"libXfont on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:1870-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-November/msg00035.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.7~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-debuginfo\", rpm:\"libXfont-debuginfo~1.4.7~2.el7_0\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.5~4.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-debuginfo\", rpm:\"libXfont-debuginfo~1.4.5~4.el6_6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Oracle Linux Local Security Checks ELSA-2014-1893", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123241", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-1893", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-1893.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123241\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:01:10 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-1893\");\n script_tag(name:\"insight\", value:\"ELSA-2014-1893 - libXfont security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-1893\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-1893.html\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.2.2~1.0.6.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.2.2~1.0.6.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Check the version of libXfont", "modified": "2019-03-08T00:00:00", "published": "2014-11-19T00:00:00", "id": "OPENVAS:1361412562310882086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882086", "type": "openvas", "title": "CentOS Update for libXfont CESA-2014:1870 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for libXfont CESA-2014:1870 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882086\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-11-19 06:35:25 +0100 (Wed, 19 Nov 2014)\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Update for libXfont CESA-2014:1870 centos6\");\n\n script_tag(name:\"summary\", value:\"Check the version of libXfont\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libXfont packages provide the X.Org\nlibXfont runtime library. X.Org is an open source implementation of the X Window\nSystem.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\");\n script_tag(name:\"affected\", value:\"libXfont on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:1870\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-November/020768.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.5~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.4.5~4.el6_6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Ilja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges, or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.\n\nCVE-2014-0209\nInteger overflow of allocations in font metadata file parsing could\nallow a local user who is already authenticated to the X server to\noverwrite other memory in the heap.\n\nCVE-2014-0210\nlibxfont does not validate length fields when parsing xfs protocol\nreplies allowing to write past the bounds of allocated memory when\nstoring the returned data from the font server.\n\nCVE-2014-0211\nInteger overflows calculating memory needs for xfs replies could\nresult in allocating too little memory and then writing the returned\ndata from the font server past the end of the allocated buffer.", "modified": "2019-03-19T00:00:00", "published": "2014-05-13T00:00:00", "id": "OPENVAS:1361412562310702927", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702927", "type": "openvas", "title": "Debian Security Advisory DSA 2927-1 (libxfont - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2927.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated from advisory DSA 2927-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702927\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_name(\"Debian Security Advisory DSA 2927-1 (libxfont - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-13 00:00:00 +0200 (Tue, 13 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2927.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"libxfont on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.4.1-5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.4.5-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.4.7-2.\n\nWe recommend that you upgrade your libxfont packages.\");\n script_tag(name:\"summary\", value:\"Ilja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges, or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.\n\nCVE-2014-0209\nInteger overflow of allocations in font metadata file parsing could\nallow a local user who is already authenticated to the X server to\noverwrite other memory in the heap.\n\nCVE-2014-0210\nlibxfont does not validate length fields when parsing xfs protocol\nreplies allowing to write past the bounds of allocated memory when\nstoring the returned data from the font server.\n\nCVE-2014-0211\nInteger overflows calculating memory needs for xfs replies could\nresult in allocating too little memory and then writing the returned\ndata from the font server past the end of the allocated buffer.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.1-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.1-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.1-5\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont-dev\", ver:\"1:1.4.5-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1\", ver:\"1:1.4.5-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libxfont1-dbg\", ver:\"1:1.4.5-4\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:00:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120495", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120495", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-404)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120495\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:27:44 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-404)\");\n script_tag(name:\"insight\", value:\"Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.\");\n script_tag(name:\"solution\", value:\"Run yum update libXfont to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-404.html\");\n script_cve_id(\"CVE-2014-0211\", \"CVE-2014-0210\", \"CVE-2014-0209\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"libXfont\", rpm:\"libXfont~1.4.5~3.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libXfont-devel\", rpm:\"libXfont-devel~1.4.5~3.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libXfont-debuginfo\", rpm:\"libXfont-debuginfo~1.4.5~3.9.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Gentoo Linux Local Security Checks GLSA 201406-11", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121214", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121214", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-11", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-11.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121214\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:21 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-11\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-11\");\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-11\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"x11-libs/libXfont\", unaffected: make_list(\"ge 1.4.8\"), vulnerable: make_list(\"lt 1.4.8\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-03-18T02:47:18", "description": "A use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nAll running X.Org server instances must be restarted for the update to\ntake effect.", "edition": 13, "published": "2014-11-25T00:00:00", "title": "Scientific Linux Security Update : libXfont on SL5.x i386/x86_64 (20141124)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-11-25T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:libXfont", "p-cpe:/a:fermilab:scientific_linux:libXfont-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:libXfont-devel"], "id": "SL_20141124_LIBXFONT_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/79427", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79427);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n\n script_name(english:\"Scientific Linux Security Update : libXfont on SL5.x i386/x86_64 (20141124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nAll running X.Org server instances must be restarted for the update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=4070\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?90dcc7f1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libXfont, libXfont-debuginfo and / or\nlibXfont-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libXfont-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"libXfont-1.2.2-1.0.6.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libXfont-debuginfo-1.2.2-1.0.6.el5_11\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"libXfont-devel-1.2.2-1.0.6.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont / libXfont-debuginfo / libXfont-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T09:15:38", "description": "Updated libXfont packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these\nissues. Upstream acknowledges Ilja van Sprundel as the original\nreporter.\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.", "edition": 24, "published": "2014-11-19T00:00:00", "title": "RHEL 6 / 7 : libXfont (RHSA-2014:1870)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-11-19T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:libXfont-devel", "p-cpe:/a:redhat:enterprise_linux:libXfont", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:libXfont-debuginfo"], "id": "REDHAT-RHSA-2014-1870.NASL", "href": "https://www.tenable.com/plugins/nessus/79327", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1870. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79327);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_xref(name:\"RHSA\", value:\"2014:1870\");\n\n script_name(english:\"RHEL 6 / 7 : libXfont (RHSA-2014:1870)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libXfont packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these\nissues. Upstream acknowledges Ilja van Sprundel as the original\nreporter.\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:1870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0209\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libXfont, libXfont-debuginfo and / or\nlibXfont-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libXfont-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:1870\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libXfont-1.4.5-4.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libXfont-debuginfo-1.4.5-4.el6_6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libXfont-devel-1.4.5-4.el6_6\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"libXfont-1.4.7-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libXfont-debuginfo-1.4.7-2.el7_0\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"libXfont-devel-1.4.7-2.el7_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont / libXfont-debuginfo / libXfont-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-25T08:56:15", "description": "From Red Hat Security Advisory 2014:1870 :\n\nUpdated libXfont packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these\nissues. Upstream acknowledges Ilja van Sprundel as the original\nreporter.\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.", "edition": 20, "published": "2014-11-21T00:00:00", "title": "Oracle Linux 6 / 7 : libXfont (ELSA-2014-1870)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-11-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libXfont-devel", "p-cpe:/a:oracle:linux:libXfont", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2014-1870.NASL", "href": "https://www.tenable.com/plugins/nessus/79371", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:1870 and \n# Oracle Linux Security Advisory ELSA-2014-1870 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79371);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/24\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_bugtraq_id(67382);\n script_xref(name:\"RHSA\", value:\"2014:1870\");\n\n script_name(english:\"Oracle Linux 6 / 7 : libXfont (ELSA-2014-1870)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:1870 :\n\nUpdated libXfont packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these\nissues. Upstream acknowledges Ilja van Sprundel as the original\nreporter.\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-November/004652.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxfont packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libXfont-1.4.5-4.el6_6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libXfont-devel-1.4.5-4.el6_6\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libXfont-1.4.7-2.el7_0\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"libXfont-devel-1.4.7-2.el7_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont / libXfont-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T05:49:27", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Multiple integer overflows in the (1) FontFileAddEntry\n and (2) lexAlias functions in X.Org libXfont before\n 1.4.8 and 1.4.9x before 1.4.99.901 might allow local\n users to gain privileges by adding a directory with a\n large fonts.dir or fonts.alias file to the font path,\n which triggers a heap-based buffer overflow, related to\n metadata. (CVE-2014-0209)\n\n - Multiple buffer overflows in X.Org libXfont before 1.4.8\n and 1.4.9x before 1.4.99.901 allow remote font servers\n to execute arbitrary code via a crafted xfs protocol\n reply to the (1) _fs_recv_conn_setup, (2)\n fs_read_open_font, (3) fs_read_query_info, (4)\n fs_read_extent_info, (5) fs_read_glyphs, (6)\n fs_read_list, or (7) fs_read_list_info function.\n (CVE-2014-0210)\n\n - Multiple integer overflows in the (1) fs_get_reply, (2)\n fs_alloc_glyphs, and (3) fs_read_extent_info functions\n in X.Org libXfont before 1.4.8 and 1.4.9x before\n 1.4.99.901 allow remote font servers to execute\n arbitrary code via a crafted xfs reply, which triggers a\n buffer overflow. (CVE-2014-0211)", "edition": 23, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.1", "p-cpe:/a:oracle:solaris:xorg"], "id": "SOLARIS11_XORG_20141107_2.NASL", "href": "https://www.tenable.com/plugins/nessus/80823", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80823);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org2)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Multiple integer overflows in the (1) FontFileAddEntry\n and (2) lexAlias functions in X.Org libXfont before\n 1.4.8 and 1.4.9x before 1.4.99.901 might allow local\n users to gain privileges by adding a directory with a\n large fonts.dir or fonts.alias file to the font path,\n which triggers a heap-based buffer overflow, related to\n metadata. (CVE-2014-0209)\n\n - Multiple buffer overflows in X.Org libXfont before 1.4.8\n and 1.4.9x before 1.4.99.901 allow remote font servers\n to execute arbitrary code via a crafted xfs protocol\n reply to the (1) _fs_recv_conn_setup, (2)\n fs_read_open_font, (3) fs_read_query_info, (4)\n fs_read_extent_info, (5) fs_read_glyphs, (6)\n fs_read_list, or (7) fs_read_list_info function.\n (CVE-2014-0210)\n\n - Multiple integer overflows in the (1) fs_get_reply, (2)\n fs_alloc_glyphs, and (3) fs_read_extent_info functions\n in X.Org libXfont before 1.4.8 and 1.4.9x before\n 1.4.99.901 allow remote font servers to execute\n arbitrary code via a crafted xfs reply, which triggers a\n buffer overflow. (CVE-2014-0211)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-xorg\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5fab6fd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.1.21.4.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:xorg\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^xorg$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.1.21.0.4.1\", sru:\"SRU 11.1.21.4.1\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : xorg\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"xorg\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:48:33", "description": "Ilja van Sprundel of IOActive discovered several security issues in\nthe X.Org libXfont library, which may allow a local, authenticated\nuser to attempt to raise privileges; or a remote attacker who can\ncontrol the font server to attempt to execute code with the privileges\nof the X server.\n\n - CVE-2014-0209\n Integer overflow of allocations in font metadata file\n parsing could allow a local user who is already\n authenticated to the X server to overwrite other memory\n in the heap.\n\n - CVE-2014-0210\n libxfont does not validate length fields when parsing\n xfs protocol replies allowing to write past the bounds\n of allocated memory when storing the returned data from\n the font server.\n\n - CVE-2014-0211\n Integer overflows calculating memory needs for xfs\n replies could result in allocating too little memory and\n then writing the returned data from the font server past\n the end of the allocated buffer.", "edition": 15, "published": "2014-05-14T00:00:00", "title": "Debian DSA-2927-1 : libxfont - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-05-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libxfont"], "id": "DEBIAN_DSA-2927.NASL", "href": "https://www.tenable.com/plugins/nessus/73997", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2927. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73997);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_xref(name:\"DSA\", value:\"2927\");\n\n script_name(english:\"Debian DSA-2927-1 : libxfont - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ilja van Sprundel of IOActive discovered several security issues in\nthe X.Org libXfont library, which may allow a local, authenticated\nuser to attempt to raise privileges; or a remote attacker who can\ncontrol the font server to attempt to execute code with the privileges\nof the X server.\n\n - CVE-2014-0209\n Integer overflow of allocations in font metadata file\n parsing could allow a local user who is already\n authenticated to the X server to overwrite other memory\n in the heap.\n\n - CVE-2014-0210\n libxfont does not validate length fields when parsing\n xfs protocol replies allowing to write past the bounds\n of allocated memory when storing the returned data from\n the font server.\n\n - CVE-2014-0211\n Integer overflows calculating memory needs for xfs\n replies could result in allocating too little memory and\n then writing the returned data from the font server past\n the end of the allocated buffer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0210\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-0211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libxfont\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libxfont\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-2927\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libxfont packages.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1:1.4.1-5.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1:1.4.5-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libxfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libxfont-dev\", reference:\"1:1.4.1-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont1\", reference:\"1:1.4.1-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont1-dbg\", reference:\"1:1.4.1-5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libxfont1-udeb\", reference:\"1:1.4.1-5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxfont-dev\", reference:\"1:1.4.5-4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxfont1\", reference:\"1:1.4.5-4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxfont1-dbg\", reference:\"1:1.4.5-4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libxfont1-udeb\", reference:\"1:1.4.5-4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:18:54", "description": "Multiple integer overflows in the (1) fs_get_reply, (2)\nfs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org\nlibXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font\nservers to execute arbitrary code via a crafted xfs reply, which\ntriggers a buffer overflow.\n\nMultiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x\nbefore 1.4.99.901 allow remote font servers to execute arbitrary code\nvia a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2)\nfs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,\n(5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info\nfunction.\n\nMultiple integer overflows in the (1) FontFileAddEntry and (2)\nlexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before\n1.4.99.901 might allow local users to gain privileges by adding a\ndirectory with a large fonts.dir or fonts.alias file to the font path,\nwhich triggers a heap-based buffer overflow, related to metadata.", "edition": 23, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : libXfont (ALAS-2014-404)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libXfont-devel", "p-cpe:/a:amazon:linux:libXfont-debuginfo", "p-cpe:/a:amazon:linux:libXfont", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-404.NASL", "href": "https://www.tenable.com/plugins/nessus/78347", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-404.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78347);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_xref(name:\"ALAS\", value:\"2014-404\");\n\n script_name(english:\"Amazon Linux AMI : libXfont (ALAS-2014-404)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows in the (1) fs_get_reply, (2)\nfs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org\nlibXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font\nservers to execute arbitrary code via a crafted xfs reply, which\ntriggers a buffer overflow.\n\nMultiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x\nbefore 1.4.99.901 allow remote font servers to execute arbitrary code\nvia a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2)\nfs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info,\n(5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info\nfunction.\n\nMultiple integer overflows in the (1) FontFileAddEntry and (2)\nlexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before\n1.4.99.901 might allow local users to gain privileges by adding a\ndirectory with a large fonts.dir or fonts.alias file to the font path,\nwhich triggers a heap-based buffer overflow, related to metadata.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-404.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update libXfont' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libXfont-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"libXfont-1.4.5-3.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libXfont-debuginfo-1.4.5-3.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"libXfont-devel-1.4.5-3.9.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont / libXfont-debuginfo / libXfont-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:29:52", "description": "Updated libXfont packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these\nissues. Upstream acknowledges Ilja van Sprundel as the original\nreporter.\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.", "edition": 24, "published": "2014-11-19T00:00:00", "title": "CentOS 6 / 7 : libXfont (CESA-2014:1870)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-11-19T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:libXfont", "p-cpe:/a:centos:centos:libXfont-devel"], "id": "CENTOS_RHSA-2014-1870.NASL", "href": "https://www.tenable.com/plugins/nessus/79313", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:1870 and \n# CentOS Errata and Security Advisory 2014:1870 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79313);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_bugtraq_id(67382);\n script_xref(name:\"RHSA\", value:\"2014:1870\");\n\n script_name(english:\"CentOS 6 / 7 : libXfont (CESA-2014:1870)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libXfont packages that fix three security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe libXfont packages provide the X.Org libXfont runtime library.\nX.Org is an open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain\nfont files when attempting to add a new directory to the font path. A\nmalicious, local user could exploit this issue to potentially execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont\nparsed replies received from an X.org font server. A malicious X.org\nserver could cause an X client to crash or, possibly, execute\narbitrary code with the privileges of the X.Org server.\n(CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these\nissues. Upstream acknowledges Ilja van Sprundel as the original\nreporter.\n\nUsers of libXfont should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running X.Org\nserver instances must be restarted for the update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-November/020768.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2f8ffd4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-November/020769.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8702880b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxfont packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0210\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"libXfont-1.4.5-4.el6_6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"libXfont-devel-1.4.5-4.el6_6\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libXfont-1.4.7-2.el7_0\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libXfont-devel-1.4.7-2.el7_0\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont / libXfont-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:00", "description": " - libXfont 1.4.8 (rhbz#1100441)\n\n - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211\n (rhbz#1097397)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-07-23T00:00:00", "title": "Fedora 19 : libXfont-1.4.8-1.fc19 (2014-8223)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-07-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:libXfont"], "id": "FEDORA_2014-8223.NASL", "href": "https://www.tenable.com/plugins/nessus/76693", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-8223.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76693);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_bugtraq_id(67382);\n script_xref(name:\"FEDORA\", value:\"2014-8223\");\n\n script_name(english:\"Fedora 19 : libXfont-1.4.8-1.fc19 (2014-8223)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - libXfont 1.4.8 (rhbz#1100441)\n\n - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211\n (rhbz#1097397)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096601\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135702.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7251792d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXfont package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"libXfont-1.4.8-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:12:59", "description": " - libXfont 1.4.8 (rhbz#1100441)\n\n - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211\n (rhbz#1097397)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2014-07-16T00:00:00", "title": "Fedora 20 : libXfont-1.4.8-1.fc20 (2014-8208)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-07-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:libXfont"], "id": "FEDORA_2014-8208.NASL", "href": "https://www.tenable.com/plugins/nessus/76514", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-8208.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76514);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_bugtraq_id(67382);\n script_xref(name:\"FEDORA\", value:\"2014-8208\");\n\n script_name(english:\"Fedora 20 : libXfont-1.4.8-1.fc20 (2014-8208)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - libXfont 1.4.8 (rhbz#1100441)\n\n - Fixes: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211\n (rhbz#1097397)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1096601\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135401.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62e87a90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXfont package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"libXfont-1.4.8-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:12:17", "description": "libxfont was updated to fix multiple vulnerabilities :\n\n - Integer overflow of allocations in font metadata file\n parsing (CVE-2014-0209).\n\n - Unvalidated length fields when parsing xfs protocol\n replies (CVE-2014-0210).\n\n - Integer overflows calculating memory needs for xfs\n replies (CVE-2014-0211).\n\nThese vulnerabilities could be used by a local, authenticated user to\nraise privileges or by a remote attacker with control of the font\nserver to execute code with the privileges of the X server.", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libXfont-devel", "p-cpe:/a:novell:opensuse:libXfont-debugsource", "p-cpe:/a:novell:opensuse:libXfont1-32bit", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:libXfont1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libXfont1-debuginfo", "p-cpe:/a:novell:opensuse:libXfont-devel-32bit", "p-cpe:/a:novell:opensuse:libXfont1", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-391.NASL", "href": "https://www.tenable.com/plugins/nessus/75371", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-391.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75371);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-0209\", \"CVE-2014-0210\", \"CVE-2014-0211\");\n script_bugtraq_id(67382);\n\n script_name(english:\"openSUSE Security Update : libXfont (openSUSE-SU-2014:0711-1)\");\n script_summary(english:\"Check for the openSUSE-2014-391 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libxfont was updated to fix multiple vulnerabilities :\n\n - Integer overflow of allocations in font metadata file\n parsing (CVE-2014-0209).\n\n - Unvalidated length fields when parsing xfs protocol\n replies (CVE-2014-0210).\n\n - Integer overflows calculating memory needs for xfs\n replies (CVE-2014-0211).\n\nThese vulnerabilities could be used by a local, authenticated user to\nraise privileges or by a remote attacker with control of the font\nserver to execute code with the privileges of the X server.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-05/msg00073.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libXfont packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libXfont1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libXfont-debugsource-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libXfont-devel-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libXfont1-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"libXfont1-debuginfo-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libXfont-devel-32bit-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libXfont1-32bit-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", cpu:\"x86_64\", reference:\"libXfont1-debuginfo-32bit-1.4.5-4.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libXfont-debugsource-1.4.6-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libXfont-devel-1.4.6-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libXfont1-1.4.6-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libXfont1-debuginfo-1.4.6-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libXfont-devel-32bit-1.4.6-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libXfont1-32bit-1.4.6-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libXfont1-debuginfo-32bit-1.4.6-2.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "### Background\n\nlibXfont is an X11 font rasterisation library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in libXfont. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could use a specially crafted file to gain privileges, cause a Denial of Service condition or possibly execute arbitrary code with the privileges of the process. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll libXfont users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/libXfont-1.4.8\"", "edition": 1, "modified": "2014-06-14T00:00:00", "published": "2014-06-14T00:00:00", "id": "GLSA-201406-11", "href": "https://security.gentoo.org/glsa/201406-11", "type": "gentoo", "title": "libXfont: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2020-11-10T12:34:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "**Issue Overview:**\n\nMultiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.\n\nMultiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.\n\nMultiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.\n\n \n**Affected Packages:** \n\n\nlibXfont\n\n \n**Issue Correction:** \nRun _yum update libXfont_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n libXfont-1.4.5-3.9.amzn1.i686 \n libXfont-devel-1.4.5-3.9.amzn1.i686 \n libXfont-debuginfo-1.4.5-3.9.amzn1.i686 \n \n src: \n libXfont-1.4.5-3.9.amzn1.src \n \n x86_64: \n libXfont-1.4.5-3.9.amzn1.x86_64 \n libXfont-debuginfo-1.4.5-3.9.amzn1.x86_64 \n libXfont-devel-1.4.5-3.9.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-09-17T21:44:00", "published": "2014-09-17T21:44:00", "id": "ALAS-2014-404", "href": "https://alas.aws.amazon.com/ALAS-2014-404.html", "title": "Medium: libXfont", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "\r\n\r\n[ANNOUNCE] X_Org Security Advisory: Multiple issues in libXfont.eml\r\n\u0422\u0435\u043c\u0430:\r\n[ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont\r\n\u041e\u0442:\r\nAlan Coopersmith &lt;alan.coopersmith@oracle.com&gt;\r\n\u0414\u0430\u0442\u0430:\r\n13.05.2014 19:08\r\n\u041a\u043e\u043c\u0443:\r\nxorg-announce@lists.x.org\r\n\u041a\u043e\u043f\u0438\u044f:\r\nxorg@lists.x.org, xorg-devel@lists.x.org\r\n\r\nX.Org Security Advisory: May 13, 2014\r\nX Font Service Protocol &amp; Font metadata file handling issues in libXfont\r\n========================================================================\r\n\r\nDescription:\r\n============\r\n\r\nIlja van Sprundel, a security researcher with IOActive, has discovered\r\nseveral issues in the way the libXfont library handles the responses \r\nit receives from xfs servers, and has worked with X.Org&#39;s security team \r\nto analyze, confirm, and fix these issues.\r\n\r\nMost of these issues stem from libXfont trusting the font server to send\r\nvalid protocol data, and not verifying that the values will not overflow \r\nor cause other damage. This code is commonly called from the X server \r\nwhen an X Font Server is active in the font path, so may be running in a \r\nsetuid-root process depending on the X server in use. Exploits of this\r\npath could be used by a local, authenticated user to attempt to raise\r\nprivileges; or by a remote attacker who can control the font server to\r\nattempt to execute code with the privileges of the X server. &#40;CVE-2014-XXXA\r\nis the exception, as it does not involve communication with a font server,\r\nas explained below.&#41;\r\n\r\nThe vulnerabilities are:\r\n\r\n- CVE-2014-0209: integer overflow of allocations in font metadata file parsing\r\n\r\n When a local user who is already authenticated to the X server adds\r\n a new directory to the font path, the X server calls libXfont to open\r\n the fonts.dir and fonts.alias files in that directory and add entries\r\n to the font tables for every line in it. A large file &#40;~2-4 gb&#41; could\r\n cause the allocations to overflow, and allow the remaining data read \r\n from the file to overwrite other memory in the heap.\r\n\r\n Affected functions: FontFileAddEntry&#40;&#41;, lexAlias&#40;&#41;\r\n\r\n- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies\r\n\r\n When parsing replies received from the font server, these calls do not\r\n check that the lengths and/or indexes returned by the font server are\r\n within the size of the reply or the bounds of the memory allocated to\r\n store the data, so could write past the bounds of allocated memory when\r\n storing the returned data.\r\n\r\n Affected functions: _fs_recv_conn_setup&#40;&#41;, fs_read_open_font&#40;&#41;,\r\n fs_read_query_info&#40;&#41;, fs_read_extent_info&#40;&#41;, fs_read_glyphs&#40;&#41;,\r\n fs_read_list&#40;&#41;, fs_read_list_info&#40;&#41;\r\n\r\n- CVE-2014-0211: integer overflows calculating memory needs for xfs replies\r\n\r\n These calls do not check that their calculations for how much memory\r\n is needed to handle the returned data have not overflowed, so can\r\n result in allocating too little memory and then writing the returned\r\n data past the end of the allocated buffer.\r\n\r\n Affected functions: fs_get_reply&#40;&#41;, fs_alloc_glyphs&#40;&#41;,\r\n fs_read_extent_info&#40;&#41;\r\n\r\n\r\nAffected Versions\r\n=================\r\n\r\nX.Org believes all prior versions of this library contain these flaws,\r\ndating back to its introduction in X11R5.\r\n\r\n\r\nFixes\r\n=====\r\n\r\nFixes are available in the patches for these libXfont git commits:\r\n\t2f5e57317339c526e6eaee1010b0e2ab8089c42e\r\n\t05c8020a49416dd8b7510cbba45ce4f3fc81a7dc\r\n\t891e084b26837162b12f841060086a105edde86d\r\n\tcbb64aef35960b2882be721f4b8fbaa0fb649d12\r\n\t0f1a5d372c143f91a602bdf10c917d7eabaee09b\r\n\t491291cabf78efdeec8f18b09e14726a9030cc8f\r\n\tc578408c1fd4db09e4e3173f8a9e65c81cc187c1\r\n\ta42f707f8a62973f5e8bbcd08afb10a79e9cee33\r\n\ta3f21421537620fc4e1f844a594a4bcd9f7e2bd8\r\n\t520683652564c2a4e42328ae23eef9bb63271565\r\n\t5fa73ac18474be3032ee7af9c6e29deab163ea39\r\n\td338f81df1e188eb16e1d6aeea7f4800f89c1218\r\n\r\nWhich are available now from:\r\n git://anongit.freedesktop.org/git/xorg/lib/libXfont\r\n http://cgit.freedesktop.org/xorg/lib/libXfont/\r\n\r\nFixes will also be included in these module releases from X.Org:\r\n libXfont 1.4.8\r\n libXfont 1.4.99.901 &#40;1.5.0 RC 1&#41;\r\n\r\nThanks\r\n======\r\n\r\nX.Org thanks Ilja van Sprundel of IOActive for reporting these issues to our\r\nsecurity team and assisting them in understanding them and evaluating our\r\nfixes, and Alan Coopersmith of Oracle for coordinating the X.Org response and\r\ndeveloping the fixes for these issues.\r\n\r\n-- -Alan Coopersmith- alan.coopersmith@oracle.com X.Org Security Response Team - xorg-security@lists.x.org\r\n\r\n\r\n\r\n_______________________________________________\r\nxorg-announce mailing list\r\nxorg-announce@lists.x.org\r\nhttp://lists.x.org/mailman/listinfo/xorg-announce\r\n\r\n", "edition": 1, "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:DOC:30744", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30744", "title": "[oss-security] Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "DoS, memory corruptions.", "edition": 1, "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:VULN:13772", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13772", "title": "libXfont multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2211-1\r\nMay 14, 2014\r\n\r\nlibxfont vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 13.10\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in libXfont.\r\n\r\nSoftware Description:\r\n- libxfont: X11 font rasterisation library\r\n\r\nDetails:\r\n\r\nIlja van Sprundel discovered that libXfont incorrectly handled font\r\nmetadata file parsing. A local attacker could use this issue to cause\r\nlibXfont to crash, or possibly execute arbitrary code in order to gain\r\nprivileges. &#40;CVE-2014-0209&#41;\r\n\r\nIlja van Sprundel discovered that libXfont incorrectly handled X Font\r\nServer replies. A malicious font server could return specially-crafted data\r\nthat could cause libXfont to crash, or possibly execute arbitrary code.\r\nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10\r\nand Ubuntu 13.10. &#40;CVE-2014-0210, CVE-2014-0211&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n libxfont1 1:1.4.7-1ubuntu0.1\r\n\r\nUbuntu 13.10:\r\n libxfont1 1:1.4.6-1ubuntu0.2\r\n\r\nUbuntu 12.10:\r\n libxfont1 1:1.4.5-2ubuntu0.12.10.2\r\n\r\nUbuntu 12.04 LTS:\r\n libxfont1 1:1.4.4-1ubuntu0.2\r\n\r\nUbuntu 10.04 LTS:\r\n libxfont1 1:1.4.1-1ubuntu0.3\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2211-1\r\n CVE-2014-0209, CVE-2014-0210, CVE-2014-0211\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.7-1ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.6-1ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.5-2ubuntu0.12.10.2\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.4-1ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/libxfont/1:1.4.1-1ubuntu0.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-05-15T00:00:00", "published": "2014-05-15T00:00:00", "id": "SECURITYVULNS:DOC:30726", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30726", "title": "[USN-2211-1] libXfont vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-2482", "CVE-2012-3544", "CVE-2014-4224", "CVE-2014-4208", "CVE-2014-4213", "CVE-2014-4262", "CVE-2014-4242", "CVE-2014-2490", "CVE-2014-4226", "CVE-2014-4251", "CVE-2014-4263", "CVE-2014-4238", "CVE-2014-2481", "CVE-2013-3774", "CVE-2014-2480", "CVE-2014-4250", "CVE-2014-4260", "CVE-2014-2479", "CVE-2014-4218", "CVE-2014-4254", "CVE-2014-4258", "CVE-2014-4221", "CVE-2014-4255", "CVE-2014-4253", "CVE-2014-4268", "CVE-2014-4203", "CVE-2014-4265", "CVE-2014-4231", "CVE-2014-4201", "CVE-2014-4233", "CVE-2013-5855", "CVE-2014-4210", "CVE-2014-4229", "CVE-2014-0224", "CVE-2014-4267", "CVE-2014-4266", "CVE-2014-2486", "CVE-2014-4270", "CVE-2014-0098", "CVE-2014-4214", "CVE-2014-2485", "CVE-2014-4222", "CVE-2013-1741", "CVE-2014-4257", "CVE-2014-4244", "CVE-2014-2494", "CVE-2014-2487", "CVE-2014-4205", "CVE-2014-4261", "CVE-2014-0436", "CVE-2014-2493", "CVE-2014-4206", "CVE-2014-2488", "CVE-2014-4215", "CVE-2014-4209", "CVE-2014-4245", "CVE-2014-0114", "CVE-2014-0211", "CVE-2013-4286", "CVE-2014-4234", "CVE-2014-2489", "CVE-2014-4269", "CVE-2014-4216", "CVE-2014-4230", "CVE-2013-3751", "CVE-2014-4264", "CVE-2014-2477", "CVE-2014-4220", "CVE-2014-4237", "CVE-2014-4204", "CVE-2014-4243", "CVE-2014-4217", "CVE-2014-4239", "CVE-2014-4248", "CVE-2014-4211", "CVE-2014-2496", "CVE-2014-2483", "CVE-2014-4235", "CVE-2014-0033", "CVE-2014-4225", "CVE-2014-4241", "CVE-2014-4246", "CVE-2014-4207", "CVE-2014-4232", "CVE-2014-4256", "CVE-2014-4227", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-2492", "CVE-2014-4228", "CVE-2014-4202", "CVE-2014-4212", "CVE-2014-2484", "CVE-2014-4236", "CVE-2014-4240", "CVE-2014-4219", "CVE-2014-2456", "CVE-2014-4249", "CVE-2013-1620", "CVE-2014-4223", "CVE-2014-4271", "CVE-2014-2491", "CVE-2014-2495"], "description": "Over 100 vulnerabilities in different applications are fixed in quarterly update.", "edition": 1, "modified": "2014-07-21T00:00:00", "published": "2014-07-21T00:00:00", "id": "SECURITYVULNS:VULN:13868", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13868", "title": "Oracle / Sun / PeopleSoft / MySQL applications security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:34", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "[1.2.2-1.0.6]\n- CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601)\n- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601)\n- CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601)", "edition": 4, "modified": "2014-11-24T00:00:00", "published": "2014-11-24T00:00:00", "id": "ELSA-2014-1893", "href": "http://linux.oracle.com/errata/ELSA-2014-1893.html", "title": "libXfont security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:57", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "[1.4.5-4]\n- CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601)\n- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601)\n- CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601)", "edition": 4, "modified": "2014-11-18T00:00:00", "published": "2014-11-18T00:00:00", "id": "ELSA-2014-1870", "href": "http://linux.oracle.com/errata/ELSA-2014-1870.html", "title": "libXfont security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:20:27", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2927-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nMay 13, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : libxfont\nCVE ID : CVE-2014-0209 CVE-2014-0210 CVE-2014-0211\n\nIlja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges; or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.\n\nCVE-2014-0209\n\n Integer overflow of allocations in font metadata file parsing could\n allow a local user who is already authenticated to the X server to\n overwrite other memory in the heap.\n\nCVE-2014-0210\n\n libxfont does not validate length fields when parsing xfs protocol\n replies allowing to write past the bounds of allocated memory when\n storing the returned data from the font server.\n\nCVE-2014-0211\n\n Integer overflows calculating memory needs for xfs replies could\n result in allocating too little memory and then writing the returned\n data from the font server past the end of the allocated buffer.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.4.1-5.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.4.5-4.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:1.4.7-2.\n\nWe recommend that you upgrade your libxfont packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2014-05-13T21:51:45", "published": "2014-05-13T21:51:45", "id": "DEBIAN:DSA-2927-1:0278C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00108.html", "title": "[SECURITY] [DSA 2927-1] libxfont security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"], "description": "The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n", "modified": "2017-09-08T12:14:04", "published": "2014-11-24T05:00:00", "id": "RHSA-2014:1893", "href": "https://access.redhat.com/errata/RHSA-2014:1893", "type": "redhat", "title": "(RHSA-2014:1893) Important: libXfont security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:58", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"], "description": "The libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:21", "published": "2014-11-18T05:00:00", "id": "RHSA-2014:1870", "href": "https://access.redhat.com/errata/RHSA-2014:1870", "type": "redhat", "title": "(RHSA-2014:1870) Important: libXfont security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:45", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1893\n\n\nThe libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/032820.html\n\n**Affected packages:**\nlibXfont\nlibXfont-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1893.html", "edition": 3, "modified": "2014-11-25T11:10:27", "published": "2014-11-25T11:10:27", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/032820.html", "id": "CESA-2014:1893", "title": "libXfont security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1870\n\n\nThe libXfont packages provide the X.Org libXfont runtime library. X.Org is\nan open source implementation of the X Window System.\n\nA use-after-free flaw was found in the way libXfont processed certain font\nfiles when attempting to add a new directory to the font path. A malicious,\nlocal user could exploit this issue to potentially execute arbitrary code\nwith the privileges of the X.Org server. (CVE-2014-0209)\n\nMultiple out-of-bounds write flaws were found in the way libXfont parsed\nreplies received from an X.org font server. A malicious X.org server could\ncause an X client to crash or, possibly, execute arbitrary code with the\nprivileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)\n\nRed Hat would like to thank the X.org project for reporting these issues.\nUpstream acknowledges Ilja van Sprundel as the original reporter.\n\nUsers of libXfont should upgrade to these updated packages, which contain a\nbackported patch to resolve this issue. All running X.Org server instances\nmust be restarted for the update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/032806.html\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/032807.html\n\n**Affected packages:**\nlibXfont\nlibXfont-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1870.html", "edition": 3, "modified": "2014-11-18T18:33:30", "published": "2014-11-18T14:18:34", "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/032806.html", "id": "CESA-2014:1870", "title": "libXfont security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:21", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "Ilja van Sprundel discovered that libXfont incorrectly handled font \nmetadata file parsing. A local attacker could use this issue to cause \nlibXfont to crash, or possibly execute arbitrary code in order to gain \nprivileges. (CVE-2014-0209)\n\nIlja van Sprundel discovered that libXfont incorrectly handled X Font \nServer replies. A malicious font server could return specially-crafted data \nthat could cause libXfont to crash, or possibly execute arbitrary code. \nThis issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10 \nand Ubuntu 13.10. (CVE-2014-0210, CVE-2014-0211)", "edition": 5, "modified": "2014-05-14T00:00:00", "published": "2014-05-14T00:00:00", "id": "USN-2211-1", "href": "https://ubuntu.com/security/notices/USN-2211-1", "title": "libXfont vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:27", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0211", "CVE-2014-0209", "CVE-2014-0210"], "description": "\nAlan Coopersmith reports:\n\nIlja van Sprundel, a security researcher with IOActive, has\n\t discovered several issues in the way the libXfont library\n\t handles the responses it receives from xfs servers, and has\n\t worked with X.Org's security team to analyze, confirm, and fix\n\t these issues.\nMost of these issues stem from libXfont trusting the font server\n\t to send valid protocol data, and not verifying that the values\n\t will not overflow or cause other damage. This code is commonly\n\t called from the X server when an X Font Server is active in the\n\t font path, so may be running in a setuid-root process depending\n\t on the X server in use. Exploits of this path could be used by\n\t a local, authenticated user to attempt to raise privileges; or\n\t by a remote attacker who can control the font server to attempt\n\t to execute code with the privileges of the X server.\n\n", "edition": 4, "modified": "2015-07-15T00:00:00", "published": "2014-05-13T00:00:00", "id": "B060EE50-DABA-11E3-99F2-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/b060ee50-daba-11e3-99f2-bcaec565249c.html", "title": "libXfont -- X Font Service Protocol and Font metadata file handling issues", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"], "description": "X.Org X11 libXfont runtime library ", "modified": "2014-07-16T02:01:16", "published": "2014-07-16T02:01:16", "id": "FEDORA:2F66C2216A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: libXfont-1.4.8-1.fc20", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211"], "description": "X.Org X11 libXfont runtime library ", "modified": "2014-07-23T03:01:35", "published": "2014-07-23T03:01:35", "id": "FEDORA:0E1E921DFE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: libXfont-1.4.8-1.fc19", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895", "CVE-2011-4028", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8099", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2015-0255"], "description": "NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. ", "modified": "2015-03-26T21:51:39", "published": "2015-03-26T21:51:39", "id": "FEDORA:A13DB60C7030", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: nx-libs-3.5.0.29-1.fc21", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895", "CVE-2011-4028", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8099", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2015-0255"], "description": "NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. ", "modified": "2015-03-26T21:29:40", "published": "2015-03-26T21:29:40", "id": "FEDORA:A5A9D608A4BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: nx-libs-3.5.0.29-1.fc20", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2895", "CVE-2011-4028", "CVE-2013-4396", "CVE-2013-6462", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-0211", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8099", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2015-0255"], "description": "NX is a software suite which implements very efficient compression of the X11 protocol. This increases performance when using X applications over a network, especially a slow one. This package provides the core nx-X11 libraries customized for nxagent/x2goagent. ", "modified": "2015-03-21T04:53:26", "published": "2015-03-21T04:53:26", "id": "FEDORA:593706093B2E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: nx-libs-3.5.0.29-1.fc22", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oracle": [{"lastseen": "2019-05-29T18:20:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-2482", "CVE-2012-3544", "CVE-2014-4224", "CVE-2014-4208", "CVE-2014-4213", "CVE-2014-4262", "CVE-2014-4242", "CVE-2014-2490", "CVE-2014-4226", "CVE-2014-4251", "CVE-2014-4263", "CVE-2014-4238", "CVE-2014-2481", "CVE-2013-3774", "CVE-2014-2480", "CVE-2014-4250", "CVE-2014-4260", "CVE-2014-2479", "CVE-2014-4218", "CVE-2014-4254", "CVE-2014-4258", "CVE-2014-4221", "CVE-2013-6449", "CVE-2014-4255", "CVE-2014-4253", "CVE-2014-4268", "CVE-2013-2172", "CVE-2014-4203", "CVE-2014-4265", "CVE-2014-4231", "CVE-2014-4201", "CVE-2014-4233", "CVE-2013-5855", "CVE-2014-4210", "CVE-2014-4229", "CVE-2013-5605", "CVE-2014-0224", "CVE-2014-4267", "CVE-2014-4266", "CVE-2014-2486", "CVE-2014-4270", "CVE-2014-0098", "CVE-2014-4214", "CVE-2014-2485", "CVE-2014-4222", "CVE-2013-1741", "CVE-2014-4257", "CVE-2014-4244", "CVE-2014-2494", "CVE-2014-2487", "CVE-2014-4205", "CVE-2014-4261", "CVE-2014-0436", "CVE-2013-1740", "CVE-2014-2493", "CVE-2014-4206", "CVE-2014-0099", "CVE-2013-6438", "CVE-2014-3470", "CVE-2014-2488", "CVE-2013-1739", "CVE-2014-4215", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-4209", "CVE-2013-6450", "CVE-2014-4245", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-0211", "CVE-2013-4322", "CVE-2014-0050", "CVE-2013-2461", "CVE-2014-1490", "CVE-2010-5298", "CVE-2014-0160", "CVE-2013-4286", "CVE-2014-0209", "CVE-2014-0210", "CVE-2014-4234", "CVE-2014-2489", "CVE-2014-0195", "CVE-2014-4269", "CVE-2014-0198", "CVE-2014-4216", "CVE-2014-4230", "CVE-2013-3751", "CVE-2014-4264", "CVE-2014-2477", "CVE-2014-4220", "CVE-2014-4237", "CVE-2014-4204", "CVE-2014-0096", "CVE-2014-4243", "CVE-2014-4217", "CVE-2014-4239", "CVE-2014-4248", "CVE-2014-0075", "CVE-2014-4211", "CVE-2014-2496", "CVE-2014-2483", "CVE-2014-4235", "CVE-2014-0033", "CVE-2014-4225", "CVE-2014-4241", "CVE-2014-4246", "CVE-2014-4207", "CVE-2014-4232", "CVE-2014-4256", "CVE-2014-1491", "CVE-2014-4227", "CVE-2014-4247", "CVE-2014-4252", "CVE-2014-2492", "CVE-2014-4228", "CVE-2014-4202", "CVE-2014-4212", "CVE-2014-2484", "CVE-2014-4236", "CVE-2014-4240", "CVE-2014-4219", "CVE-2014-2456", "CVE-2014-4249", "CVE-2013-1620", "CVE-2014-4223", "CVE-2014-4271", "CVE-2014-0221", "CVE-2014-2491", "CVE-2014-2495"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are generally cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.** This Critical Patch Update contains 113 new security fixes across the product families listed below.\n\nPlease note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\nPlease note that on April 18, 2014, Oracle released a [Security Alert for CVE-2014-0160 OpenSSL \"Heartbleed\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html>). This Critical Patch Update includes an update to MySQL Enterprise Server 5.6 and this update includes a fix for vulnerability CVE-2014-0160. Customers of other Oracle products are strongly advised to apply the [fixes ](<http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html>) that were announced in the Security Alert for CVE-2014-0160.\n", "modified": "2014-07-24T00:00:00", "published": "2014-07-15T00:00:00", "id": "ORACLE:CPUJUL2014-1972956", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - July 2014", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}