Lucene search
Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-571-1.NASLHistoryJan 18, 2008 - 12:00 a.m.
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)
2008-01-1800:00:00
Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)
It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958)
It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-571-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(30019);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006");
script_xref(name:"USN", value:"571-1");
script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1)");
script_summary(english:"Checks dpkg output for updated packages.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
function arguments. An authenticated attacker could send specially
crafted requests and gain root privileges. (CVE-2007-5760,
CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)
It was discovered that the X.org server did not use user privileges
when attempting to open security policy files. Local attackers could
exploit this to probe for files in directories they would not normally
be able to access. (CVE-2007-5958)
It was discovered that the PCF font handling code did not correctly
validate the size of fonts. An authenticated attacker could load a
specially crafted font and gain additional privileges. (CVE-2008-0006).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/571-1/"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_cwe_id(119, 189, 200, 362, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfont-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfont1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxfont1-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xnest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xvfb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
script_set_attribute(attribute:"patch_publication_date", value:"2008/01/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"6.06", pkgname:"libxfont-dev", pkgver:"1.0.0-0ubuntu3.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxfont1", pkgver:"1:1.0.0-0ubuntu3.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libxfont1-dbg", pkgver:"1.0.0-0ubuntu3.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xdmx", pkgver:"1.0.2-0ubuntu10.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xdmx-tools", pkgver:"1.0.2-0ubuntu10.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xnest", pkgver:"1.0.2-0ubuntu10.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-core", pkgver:"1:1.0.2-0ubuntu10.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-dev", pkgver:"1.0.2-0ubuntu10.8")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xvfb", pkgver:"1.0.2-0ubuntu10.8")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libxfont-dev", pkgver:"1.2.0-0ubuntu3.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libxfont1", pkgver:"1:1.2.0-0ubuntu3.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"libxfont1-dbg", pkgver:"1.2.0-0ubuntu3.2")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xdmx", pkgver:"1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xdmx-tools", pkgver:"1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xnest", pkgver:"1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xserver-xephyr", pkgver:"1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xserver-xorg-core", pkgver:"1:1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xserver-xorg-dev", pkgver:"1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xvfb", pkgver:"1.1.1-0ubuntu12.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libxfont-dev", pkgver:"1.2.7-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libxfont1", pkgver:"1:1.2.7-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"libxfont1-dbg", pkgver:"1.2.7-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xdmx", pkgver:"1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xdmx-tools", pkgver:"1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xnest", pkgver:"1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xserver-xephyr", pkgver:"1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-core", pkgver:"2:1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-dev", pkgver:"1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xvfb", pkgver:"1.2.0-3ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxfont-dev", pkgver:"1.3.0-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxfont1", pkgver:"1:1.3.0-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"libxfont1-dbg", pkgver:"1.3.0-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xdmx", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xdmx-tools", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xnest", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xprint", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xprint-common", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xephyr", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core", pkgver:"2:1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core-dbg", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-dev", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xvfb", pkgver:"1.3.0.0.dfsg-12ubuntu8.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxfont-dev / libxfont1 / libxfont1-dbg / xdmx / xdmx-tools / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libxfont-dev | p-cpe:/a:canonical:ubuntu_linux:libxfont-dev |
| canonical | ubuntu_linux | libxfont1 | p-cpe:/a:canonical:ubuntu_linux:libxfont1 |
| canonical | ubuntu_linux | libxfont1-dbg | p-cpe:/a:canonical:ubuntu_linux:libxfont1-dbg |
| canonical | ubuntu_linux | xdmx | p-cpe:/a:canonical:ubuntu_linux:xdmx |
| canonical | ubuntu_linux | xdmx-tools | p-cpe:/a:canonical:ubuntu_linux:xdmx-tools |
| canonical | ubuntu_linux | xnest | p-cpe:/a:canonical:ubuntu_linux:xnest |
| canonical | ubuntu_linux | xprint | p-cpe:/a:canonical:ubuntu_linux:xprint |
| canonical | ubuntu_linux | xprint-common | p-cpe:/a:canonical:ubuntu_linux:xprint-common |
| canonical | ubuntu_linux | xserver-xephyr | p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr |
| canonical | ubuntu_linux | xserver-xorg-core | p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5958
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6428
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6429
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0006
usn.ubuntu.com/571-1/
Related
nessus
nessus
Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023)
2009-04-23 00:00:00
Solaris 10 (sparc) : 125719-57
2018-03-12 00:00:00
GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities
2008-01-21 00:00:00
openvas
openvas
FreeBSD Ports: xorg-server
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200801-09 (xorg-server libXfont)
2008-09-24 00:00:00
Fedora Update for xorg-x11-server FEDORA-2008-0760
2009-02-17 00:00:00
osv
osv
libxfont xfree86 xorg-server - several vulnerabilities
2008-01-21 00:00:00
gentoo
gentoo
X.Org X server and Xfont library: Multiple vulnerabilities
2008-01-20 00:00:00
debian
debian
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression
2008-01-19 13:10:16
[SECURITY] [DSA 1466-3] New xfree86 packages fix regression
2008-01-21 18:53:21
[SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities
2008-01-17 18:55:05
securityvulns
securityvulns
[USN-571-1] X.org vulnerabilities
2008-01-20 00:00:00
XFree86 / X.Org / NX multiple security vulnerabilities
2008-04-08 00:00:00
ubuntu
ubuntu
X.org vulnerabilities
2008-01-18 00:00:00
X.org regression
2008-01-19 00:00:00
freebsd
freebsd
xorg -- multiple vulnerabilities
2008-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
2008-01-22 15:49:43
[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
2008-01-22 15:32:21
[SECURITY] Fedora 7 Update: libXfont-1.2.9-3.fc7
2008-01-22 15:59:35
suse
suse
remote code execution in Xorg and XFree
2008-01-17 15:28:59
redhat
redhat
(RHSA-2008:0031) Important: xorg-x11-server security update
2008-01-17 00:00:00
(RHSA-2008:0030) Important: xorg-x11 security update
2008-01-17 00:00:00
(RHSA-2008:0029) Important: XFree86 security update
2008-01-18 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11-server security update
2008-01-17 00:00:00
Important: XFree86 security update
2008-01-18 00:00:00
Important: xorg-x11 security update
2008-01-17 00:00:00
altlinux
altlinux
centos
centos
xorg security update
2008-01-18 23:23:09
xorg security update
2008-01-18 01:10:07
XFree86 security update
2008-01-18 15:04:04
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:24:16
Information Disclosure
2020-04-10 00:24:16
Arbitrary Code Execution
2020-04-10 00:24:16
prion
prion
Design/Logic Flaw
2008-01-18 23:00:00
Cross site request forgery (csrf)
2008-01-18 23:00:00
Design/Logic Flaw
2008-01-18 23:00:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
seebug
seebug
X.Org xorg-server <= 1.1.1-48.13 Probe for Files Exploit PoC
2008-02-21 00:00:00
X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
2014-07-01 00:00:00
X.Org X Server MIT-SHMεEVIζ©ε±ζ΄ζ°ζΊ’εΊζΌζ΄
2008-01-22 00:00:00
exploitpack
exploitpack
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00
packetstorm
packetstorm
xorg-disclose.txt
2008-02-20 00:00:00
cert
cert
X.Org PCF font parser buffer overflow
2008-03-19 00:00:00
checkpoint_advisories
checkpoint_advisories
X.Org X Server PCF Font Parser Buffer Overflow (CVE-2008-0006)
2010-02-25 00:00:00
jvn
jvn
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
2008-06-10 00:00:00
exploitdb
exploitdb
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00
Related for UBUNTU_USN-571-1.NASL