Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-571-2.NASL
HistoryJan 21, 2008 - 12:00 a.m.

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)

2008-01-2100:00:00
Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

We apologize for the inconvenience.

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when attempting to open security policy files.
Local attackers could exploit this to probe for files in directories they would not normally be able to access.
(CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-571-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(30042);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006");
  script_xref(name:"USN", value:"571-2");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were
incomplete, and under certain situations, applications using the
MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X
errors. This update fixes the problem.

We apologize for the inconvenience.

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
function arguments. An authenticated attacker could send specially
crafted requests and gain root privileges. (CVE-2007-5760,
CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user
privileges when attempting to open security policy files.
Local attackers could exploit this to probe for files in
directories they would not normally be able to access.
(CVE-2007-5958)

It was discovered that the PCF font handling code did not
correctly validate the size of fonts. An authenticated
attacker could load a specially crafted font and gain
additional privileges. (CVE-2008-0006).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/571-2/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(119, 189, 200, 362, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xdmx-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xprint-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:xvfb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"xdmx", pkgver:"1.0.2-0ubuntu10.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xdmx-tools", pkgver:"1.0.2-0ubuntu10.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xnest", pkgver:"1.0.2-0ubuntu10.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-core", pkgver:"1:1.0.2-0ubuntu10.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xserver-xorg-dev", pkgver:"1.0.2-0ubuntu10.10")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"xvfb", pkgver:"1.0.2-0ubuntu10.10")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xdmx", pkgver:"1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xdmx-tools", pkgver:"1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xnest", pkgver:"1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xserver-xephyr", pkgver:"1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xserver-xorg-core", pkgver:"1:1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xserver-xorg-dev", pkgver:"1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"xvfb", pkgver:"1.1.1-0ubuntu12.5")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xdmx", pkgver:"1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xdmx-tools", pkgver:"1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xnest", pkgver:"1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xserver-xephyr", pkgver:"1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-core", pkgver:"2:1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xserver-xorg-dev", pkgver:"1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"xvfb", pkgver:"1.2.0-3ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xdmx", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xdmx-tools", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xnest", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xprint", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xprint-common", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xephyr", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core", pkgver:"2:1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-core-dbg", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xserver-xorg-dev", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"xvfb", pkgver:"1.3.0.0.dfsg-12ubuntu8.3")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xdmx / xdmx-tools / xnest / xprint / xprint-common / xserver-xephyr / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxxdmxp-cpe:/a:canonical:ubuntu_linux:xdmx
canonicalubuntu_linuxxdmx-toolsp-cpe:/a:canonical:ubuntu_linux:xdmx-tools
canonicalubuntu_linuxxnestp-cpe:/a:canonical:ubuntu_linux:xnest
canonicalubuntu_linuxxprintp-cpe:/a:canonical:ubuntu_linux:xprint
canonicalubuntu_linuxxprint-commonp-cpe:/a:canonical:ubuntu_linux:xprint-common
canonicalubuntu_linuxxserver-xephyrp-cpe:/a:canonical:ubuntu_linux:xserver-xephyr
canonicalubuntu_linuxxserver-xorg-corep-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core
canonicalubuntu_linuxxserver-xorg-core-dbgp-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg
canonicalubuntu_linuxxserver-xorg-devp-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev
canonicalubuntu_linuxxvfbp-cpe:/a:canonical:ubuntu_linux:xvfb
Rows per page:
1-10 of 141

Related

fedora 4
suse 1
nessus 47
debian 3
securityvulns 6
ubuntu 2
openvas 55
freebsd 1
osv 1
gentoo 1
oraclelinux 4
redhat 4
centos 5
altlinux 2
prion 6
debiancve 6
cve 6
ubuntucve 6
veracode 6
seebug 3
exploitpack 1
packetstorm 1
checkpoint_advisories 1
cert 1
jvn 1
fedora
fedora
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
2008-01-22 15:49:43
[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
2008-01-22 15:32:21
[SECURITY] Fedora 7 Update: libXfont-1.2.9-3.fc7
2008-01-22 15:59:35
suse
suse
remote code execution in Xorg and XFree
2008-01-17 15:28:59
nessus
nessus
Solaris 10 (sparc) : 125719-58 (deprecated)
2007-10-12 00:00:00
Debian DSA-1466-1 : xorg-server - several vulnerabilities
2008-01-27 00:00:00
FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961)
2008-01-27 00:00:00
debian
debian
[SECURITY] [DSA 1466-3] New xfree86 packages fix regression
2008-01-21 18:53:21
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression
2008-01-19 13:10:16
[SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities
2008-01-17 18:55:05
securityvulns
securityvulns
XFree86 / X.Org / NX multiple security vulnerabilities
2008-04-08 00:00:00
[USN-571-1] X.org vulnerabilities
2008-01-20 00:00:00
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability
2008-01-20 00:00:00
ubuntu
ubuntu
X.org regression
2008-01-19 00:00:00
X.org vulnerabilities
2008-01-18 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200804-05 (nx, nxnode)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200804-05 (nx, nxnode)
2008-09-24 00:00:00
Debian Security Advisory DSA 1466-2 (xorg-server, libxfont, xfree86)
2008-01-31 00:00:00
freebsd
freebsd
xorg -- multiple vulnerabilities
2008-01-18 00:00:00
osv
osv
libxfont xfree86 xorg-server - several vulnerabilities
2008-01-21 00:00:00
gentoo
gentoo
X.Org X server and Xfont library: Multiple vulnerabilities
2008-01-20 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11-server security update
2008-01-17 00:00:00
Important: xorg-x11 security update
2008-01-17 00:00:00
Important: XFree86 security update
2008-01-18 00:00:00
redhat
redhat
(RHSA-2008:0031) Important: xorg-x11-server security update
2008-01-17 00:00:00
(RHSA-2008:0030) Important: xorg-x11 security update
2008-01-17 00:00:00
(RHSA-2008:0029) Important: XFree86 security update
2008-01-18 00:00:00
centos
centos
xorg security update
2008-01-18 23:23:09
xorg security update
2008-01-18 01:10:07
XFree86 security update
2008-01-18 15:04:04
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.4.0.90-alt5
2008-01-17 00:00:00
Security fix for the ALT Linux 10 package xorg-server version 2:1.4.0.90-alt6
2008-01-18 00:00:00
prion
prion
Design/Logic Flaw
2008-01-18 23:00:00
Cross site request forgery (csrf)
2008-01-18 23:00:00
Design/Logic Flaw
2008-01-18 23:00:00
debiancve
debiancve
CVE-2007-5760
2008-01-18 23:00:00
CVE-2007-6428
2008-01-18 23:00:00
CVE-2007-5958
2008-01-18 23:00:00
cve
cve
CVE-2007-5760
2008-01-18 23:00:00
CVE-2007-6428
2008-01-18 23:00:00
CVE-2007-5958
2008-01-18 23:00:00
ubuntucve
ubuntucve
CVE-2007-5760
2008-01-18 00:00:00
CVE-2007-6428
2008-01-18 00:00:00
CVE-2007-5958
2008-01-18 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:24:16
Arbitrary Code Execution
2020-04-10 00:24:16
Information Disclosure
2020-04-10 00:24:16
seebug
seebug
X.Org xorg-server &lt;= 1.1.1-48.13 Probe for Files Exploit PoC
2008-02-21 00:00:00
X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
2014-07-01 00:00:00
X.Org X Server MIT-SHM及EVIζ‰©ε±•ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2008-01-22 00:00:00
exploitpack
exploitpack
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00
packetstorm
packetstorm
xorg-disclose.txt
2008-02-20 00:00:00
checkpoint_advisories
checkpoint_advisories
X.Org X Server PCF Font Parser Buffer Overflow (CVE-2008-0006)
2010-02-25 00:00:00
cert
cert
X.Org PCF font parser buffer overflow
2008-03-19 00:00:00
jvn
jvn
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
2008-06-10 00:00:00
JSON
Related for UBUNTU_USN-571-2.NASL
fedora4suse1nessus47debian3securityvulns6ubuntu2openvas55freebsd1osv1gentoo1oraclelinux4redhat4centos5altlinux2prion6debiancve6cve6ubuntucve6veracode6seebug3exploitpack1packetstorm1checkpoint_advisories1cert1jvn1