Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053704HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 561-1 (xfree86)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
2
6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.348 Low
EPSS
Percentile
97.1%
The remote host is missing an update to xfree86
announced via advisory DSA 561-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53704");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2004-0687", "CVE-2004-0688");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 561-1 (xfree86)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20561-1");
script_tag(name:"insight", value:"Chris Evans discovered several stack and integer overflows in the
libXpm library which is provided by X.Org, XFree86 and LessTif.
For the stable distribution (woody) this problem has been fixed in
version 4.1.0-16woody4.
For the unstable distribution (sid) this problem has been fixed in
version 4.3.0.dfsg.1-8.");
script_tag(name:"solution", value:"We recommend that you upgrade your libxpm packages.");
script_tag(name:"summary", value:"The remote host is missing an update to xfree86
announced via advisory DSA 561-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"x-window-system", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-100dpi-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-100dpi", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-75dpi-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-75dpi", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-base-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-base", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-cyrillic", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-pex", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-scalable", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfree86-common", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlib6g-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlib6g", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xspecs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"lbxproxy", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps1", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps1-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"proxymngr", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"twm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"x-window-system-core", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xbase-clients", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xdm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfwp", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa3", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa3-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa3", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa3-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-pic", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xmh", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xnest", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xprt", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xserver-common", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xserver-xfree86", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xterm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xutils", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xvfb", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
openvas
openvas
xpm -- image decoding vulnerabilities
2008-09-04 00:00:00
Debian Security Advisory DSA 561-1 (xfree86)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200409-34 (X)
2008-09-24 00:00:00
osv
osv
xfree86 - integer and stack overflows
2004-10-11 00:00:00
lesstif1-1 - integer and stack overflows
2004-10-07 00:00:00
nessus
nessus
freebsd
freebsd
xpm -- image decoding vulnerabilities
2004-09-15 00:00:00
linux_base -- vulnerabilities in Red Hat 7.1 libraries
2004-09-27 00:00:00
ubuntu
ubuntu
libxpm4 vulnerability
2004-11-18 00:00:00
cert
cert
libXpm library contains multiple integer overflow vulnerabilities
2004-09-30 00:00:00
libXpm image library vulnerable to buffer overflow
2004-09-30 00:00:00
gentoo
gentoo
X.org, XFree86: Integer and stack overflows in libXpm
2004-09-27 00:00:00
LessTif: Integer and stack overflows in libXpm
2004-10-09 00:00:00
OpenMotif: Multiple vulnerabilities in libXpm
2005-02-07 00:00:00
debian
debian
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities
2004-10-07 13:32:27
[SECURITY] [DSA 561-1] New libxpm packages fix several vulnerabilities
2004-10-11 07:42:09
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities
2004-10-07 13:32:27
redhat
redhat
(RHSA-2004:479) XFree86 security update
2004-10-06 00:00:00
(RHSA-2005:004) lesstif security update
2005-01-12 00:00:00
(RHSA-2004:537) openmotif security update
2004-12-02 00:00:00
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
CVE-2004-0783
2004-10-20 04:00:00
CVE-2004-0782
2004-10-20 04:00:00
packetstorm
packetstorm
Solaris 10 dtprintinfo / libXm / libXpm Security Issues
2023-01-20 00:00:00
zdt
zdt
Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability
2023-01-22 00:00:00
securityvulns
securityvulns
suse
suse
remote command execution in XFree86-libs, xshared
2004-09-17 13:37:17
6.4 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.348 Low
EPSS
Percentile
97.1%
Related for OPENVAS:136141256231053704