Fedora Update for xorg-x11-server FEDORA-2010-14754
2010-12-02T00:00:00
ID OPENVAS:862620 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-25T00:00:00
Description
Check for the Version of xorg-x11-server
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for xorg-x11-server FEDORA-2010-14754
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_affected = "xorg-x11-server on Fedora 14";
tag_insight = "X.Org X11 X server";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048214.html");
script_id(862620);
script_version("$Revision: 8243 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_xref(name: "FEDORA", value: "2010-14754");
script_cve_id("CVE-2009-1573");
script_name("Fedora Update for xorg-x11-server FEDORA-2010-14754");
script_tag(name: "summary" , value: "Check for the Version of xorg-x11-server");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC14")
{
if ((res = isrpmvuln(pkg:"xorg-x11-server", rpm:"xorg-x11-server~1.9.0~9.fc14", rls:"FC14")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:862620", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for xorg-x11-server FEDORA-2010-14754", "description": "Check for the Version of xorg-x11-server", "published": "2010-12-02T00:00:00", "modified": "2017-12-25T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862620", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["2010-14754", "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048214.html"], "cvelist": ["CVE-2009-1573"], "lastseen": "2018-01-02T10:54:52", "viewCount": 0, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2018-01-02T10:54:52", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1573"]}, {"type": "openvas", "idList": ["OPENVAS:840432", "OPENVAS:1361412562310840432", "OPENVAS:1361412562310862620"]}, {"type": "nessus", "idList": ["UBUNTU_USN-939-1.NASL", "FEDORA_2010-14754.NASL"]}, {"type": "ubuntu", "idList": ["USN-939-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23899"]}], "modified": "2018-01-02T10:54:52", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "862620", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2010-14754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 14\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048214.html\");\n script_id(862620);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-14754\");\n script_cve_id(\"CVE-2009-1573\");\n script_name(\"Fedora Update for xorg-x11-server FEDORA-2010-14754\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.9.0~9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:54:13", "description": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.", "edition": 3, "cvss3": {}, "published": "2009-05-06T17:30:00", "title": "CVE-2009-1573", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1573"], "modified": "2017-08-17T01:30:00", "cpe": ["cpe:/a:branden_robinson:xvfb-run:1.6.1", "cpe:/o:ubuntu:linux:*", "cpe:/o:debian:debian_linux:*", "cpe:/o:redhat:fedora:10"], "id": "CVE-2009-1573", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1573", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-26T11:06:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1573"], "description": "Check for the Version of xorg-x11-server", "modified": "2018-01-25T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862620", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862620", "type": "openvas", "title": "Fedora Update for xorg-x11-server FEDORA-2010-14754", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xorg-x11-server FEDORA-2010-14754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xorg-x11-server on Fedora 14\";\ntag_insight = \"X.Org X11 X server\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048214.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862620\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-14754\");\n script_cve_id(\"CVE-2009-1573\");\n script_name(\"Fedora Update for xorg-x11-server FEDORA-2010-14754\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xorg-x11-server\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~1.9.0~9.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1166", "CVE-2009-1573"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-939-1", "modified": "2018-01-09T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:1361412562310840432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840432", "type": "openvas", "title": "Ubuntu Update for xorg-server vulnerabilities USN-939-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_939_1.nasl 8338 2018-01-09 08:00:38Z teissa $\n#\n# Ubuntu Update for xorg-server vulnerabilities USN-939-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Loïc Minier discovered that xvfb-run did not correctly keep the\n X.org session cookie private. A local attacker could gain access\n to any local sessions started by xvfb-run. Ubuntu 9.10 was not\n affected. (CVE-2009-1573)\n\n It was discovered that the X.org server did not correctly handle\n certain calculations. A remote attacker could exploit this to\n crash the X.org session or possibly run arbitrary code with root\n privileges. (CVE-2010-1166)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-939-1\";\ntag_affected = \"xorg-server vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-939-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840432\");\n script_version(\"$Revision: 8338 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 09:00:38 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"939-1\");\n script_cve_id(\"CVE-2009-1573\", \"CVE-2010-1166\");\n script_name(\"Ubuntu Update for xorg-server vulnerabilities USN-939-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xfbdev\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xfbdev\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:18:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1166", "CVE-2009-1573"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-939-1", "modified": "2017-12-01T00:00:00", "published": "2010-05-28T00:00:00", "id": "OPENVAS:840432", "href": "http://plugins.openvas.org/nasl.php?oid=840432", "type": "openvas", "title": "Ubuntu Update for xorg-server vulnerabilities USN-939-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_939_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for xorg-server vulnerabilities USN-939-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Loïc Minier discovered that xvfb-run did not correctly keep the\n X.org session cookie private. A local attacker could gain access\n to any local sessions started by xvfb-run. Ubuntu 9.10 was not\n affected. (CVE-2009-1573)\n\n It was discovered that the X.org server did not correctly handle\n certain calculations. A remote attacker could exploit this to\n crash the X.org session or possibly run arbitrary code with root\n privileges. (CVE-2010-1166)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-939-1\";\ntag_affected = \"xorg-server vulnerabilities on Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-939-1/\");\n script_id(840432);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-28 10:00:59 +0200 (Fri, 28 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"939-1\");\n script_cve_id(\"CVE-2009-1573\", \"CVE-2010-1166\");\n script_name(\"Ubuntu Update for xorg-server vulnerabilities USN-939-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xfbdev\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"1.6.4-2ubuntu4.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx-tools\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xdmx\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xfbdev\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-common\", ver:\"1.6.0-0ubuntu14.2\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"xnest\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xephyr\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core-dbg\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-core\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xserver-xorg-dev\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"xvfb\", ver:\"1.4.1~git20080131-1ubuntu9.3\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T10:08:02", "description": " - Refuse to believe tiny (or negative) sizes from PanelID.\n (#632805)\n\n - Call mktemp correctly (#632879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-09-24T00:00:00", "title": "Fedora 14 : xorg-x11-server-1.9.0-9.fc14 (2010-14754)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1573"], "modified": "2010-09-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:xorg-x11-server"], "id": "FEDORA_2010-14754.NASL", "href": "https://www.tenable.com/plugins/nessus/49664", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-14754.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49664);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1573\");\n script_bugtraq_id(34828);\n script_xref(name:\"FEDORA\", value:\"2010-14754\");\n\n script_name(english:\"Fedora 14 : xorg-x11-server-1.9.0-9.fc14 (2010-14754)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Refuse to believe tiny (or negative) sizes from PanelID.\n (#632805)\n\n - Call mktemp correctly (#632879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=499234\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/048214.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6816b597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xorg-x11-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xorg-x11-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"xorg-x11-server-1.9.0-9.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xorg-x11-server\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:57:30", "description": "Loic Minier discovered that xvfb-run did not correctly keep the X.org\nsession cookie private. A local attacker could gain access to any\nlocal sessions started by xvfb-run. Ubuntu 9.10 was not affected.\n(CVE-2009-1573)\n\nIt was discovered that the X.org server did not correctly handle\ncertain calculations. A remote attacker could exploit this to crash\nthe X.org session or possibly run arbitrary code with root privileges.\n(CVE-2010-1166).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-05-19T00:00:00", "title": "Ubuntu 8.04 LTS / 9.04 / 9.10 : xorg-server vulnerabilities (USN-939-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1166", "CVE-2009-1573"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr", "p-cpe:/a:canonical:ubuntu_linux:xserver-xfbdev", "p-cpe:/a:canonical:ubuntu_linux:xdmx-tools", "p-cpe:/a:canonical:ubuntu_linux:xnest", "p-cpe:/a:canonical:ubuntu_linux:xserver-common", "p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg", "p-cpe:/a:canonical:ubuntu_linux:xvfb", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev", "p-cpe:/a:canonical:ubuntu_linux:xdmx", "p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core", "cpe:/o:canonical:ubuntu_linux:9.04"], "id": "UBUNTU_USN-939-1.NASL", "href": "https://www.tenable.com/plugins/nessus/46672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-939-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46672);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2009-1573\", \"CVE-2010-1166\");\n script_bugtraq_id(34828, 39758);\n script_xref(name:\"USN\", value:\"939-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 9.04 / 9.10 : xorg-server vulnerabilities (USN-939-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Loic Minier discovered that xvfb-run did not correctly keep the X.org\nsession cookie private. A local attacker could gain access to any\nlocal sessions started by xvfb-run. Ubuntu 9.10 was not affected.\n(CVE-2009-1573)\n\nIt was discovered that the X.org server did not correctly handle\ncertain calculations. A remote attacker could exploit this to crash\nthe X.org session or possibly run arbitrary code with root privileges.\n(CVE-2010-1166).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/939-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xdmx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xdmx-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xnest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xserver-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xserver-xfbdev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xvfb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xnest\", pkgver:\"1.4.1~git20080131-1ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xserver-xephyr\", pkgver:\"1.4.1~git20080131-1ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xserver-xorg-core\", pkgver:\"2:1.4.1~git20080131-1ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xserver-xorg-core-dbg\", pkgver:\"1.4.1~git20080131-1ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xserver-xorg-dev\", pkgver:\"1.4.1~git20080131-1ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"xvfb\", pkgver:\"2:1.4.1~git20080131-1ubuntu9.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xdmx\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xdmx-tools\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xnest\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xserver-common\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xserver-xephyr\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xserver-xfbdev\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xserver-xorg-core\", pkgver:\"2:1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xserver-xorg-core-dbg\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xserver-xorg-dev\", pkgver:\"1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"xvfb\", pkgver:\"2:1.6.0-0ubuntu14.2\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xdmx\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xdmx-tools\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xnest\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xserver-common\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xserver-xephyr\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xserver-xfbdev\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xserver-xorg-core\", pkgver:\"2:1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xserver-xorg-core-dbg\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xserver-xorg-dev\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"xvfb\", pkgver:\"1.6.4-2ubuntu4.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xdmx / xdmx-tools / xnest / xserver-common / xserver-xephyr / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1573"], "description": "X.Org X11 X server ", "modified": "2010-09-23T12:53:51", "published": "2010-09-23T12:53:51", "id": "FEDORA:E2004111124", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: xorg-x11-server-1.9.0-9.fc14", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1166", "CVE-2009-1573"], "description": "Lo\u00efc Minier discovered that xvfb-run did not correctly keep the \nX.org session cookie private. A local attacker could gain access \nto any local sessions started by xvfb-run. Ubuntu 9.10 was not \naffected. (CVE-2009-1573)\n\nIt was discovered that the X.org server did not correctly handle \ncertain calculations. A remote attacker could exploit this to \ncrash the X.org session or possibly run arbitrary code with root \nprivileges. (CVE-2010-1166)", "edition": 5, "modified": "2010-05-18T00:00:00", "published": "2010-05-18T00:00:00", "id": "USN-939-1", "href": "https://ubuntu.com/security/notices/USN-939-1", "title": "X.org vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2010-1166", "CVE-2009-1573"], "description": "===========================================================\r\nUbuntu Security Notice USN-939-1 May 18, 2010\r\nxorg-server vulnerabilities\r\nCVE-2009-1573, CVE-2010-1166\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 8.04 LTS\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 8.04 LTS:\r\n xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.3\r\n xvfb 2:1.4.1~git20080131-1ubuntu9.3\r\n\r\nUbuntu 9.04:\r\n xserver-xorg-core 2:1.6.0-0ubuntu14.2\r\n xvfb 2:1.6.0-0ubuntu14.2\r\n\r\nUbuntu 9.10:\r\n xserver-xorg-core 2:1.6.4-2ubuntu4.3\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nDetails follow:\r\n\r\nLoïc Minier discovered that xvfb-run did not correctly keep the\r\nX.org session cookie private. A local attacker could gain access\r\nto any local sessions started by xvfb-run. Ubuntu 9.10 was not\r\naffected. (CVE-2009-1573)\r\n\r\nIt was discovered that the X.org server did not correctly handle\r\ncertain calculations. A remote attacker could exploit this to\r\ncrash the X.org session or possibly run arbitrary code with root\r\nprivileges. (CVE-2010-1166)\r\n\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.4.1~git20080131-1ubuntu9.3.diff.gz\r\n Size/MD5: 734709 a8c74577a700f9f8040665f46c23e6d8\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.4.1~git20080131-1ubuntu9.3.dsc\r\n Size/MD5: 2602 7718d9ad31ee3b8b5be752f742d3e3d1\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.4.1~git20080131.orig.tar.gz\r\n Size/MD5: 8351532 37e6ba2cfa89e0018b35e0d0746ee00f\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.4.1~git20080131-1ubuntu9.3_amd64.deb\r\n Size/MD5: 1884058 654ebf3f7eccc027389f45584b9d6e5c\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xephyr_1.4.1~git20080131-1ubuntu9.3_amd64.deb\r\n Size/MD5: 2041248 a40aa9395c1cba47191a378766665a4f\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.4.1~git20080131-1ubuntu9.3_amd64.deb\r\n Size/MD5: 13005506 afb591260e8ca2e56c7dfb91279b71eb\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.4.1~git20080131-1ubuntu9.3_amd64.deb\r\n Size/MD5: 4424128 d526f656d3f04b55ad1ab54250d550b1\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.4.1~git20080131-1ubuntu9.3_amd64.deb\r\n Size/MD5: 695144 b3f461bca57e8a9151ea229d092635ee\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.4.1~git20080131-1ubuntu9.3_amd64.deb\r\n Size/MD5: 1997448 f21104c631089ea56d0998e7fad7f584\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.4.1~git20080131-1ubuntu9.3_i386.deb\r\n Size/MD5: 1771800 9ddc215f29ddcaa231e606e9b6c7a66b\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xephyr_1.4.1~git20080131-1ubuntu9.3_i386.deb\r\n Size/MD5: 1921396 1731b1cc355611a81331e11df3678936\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.4.1~git20080131-1ubuntu9.3_i386.deb\r\n Size/MD5: 12666256 ef0bde87e20dd2f26069afe5de06b035\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.4.1~git20080131-1ubuntu9.3_i386.deb\r\n Size/MD5: 4097872 e107062bfc89f0f3e37cc9780aeb2a56\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.4.1~git20080131-1ubuntu9.3_i386.deb\r\n Size/MD5: 705218 1860b3138480bb46780c2286e4afc1bd\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.4.1~git20080131-1ubuntu9.3_i386.deb\r\n Size/MD5: 1883870 cf956c52cdd02230ae8744ec3b361c3a\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.4.1~git20080131-1ubuntu9.3_lpia.deb\r\n Size/MD5: 1751398 fa6e480b0442fd18847243671bd91af5\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xephyr_1.4.1~git20080131-1ubuntu9.3_lpia.deb\r\n Size/MD5: 1900694 313cea193b79a01c2b9592256575c590\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.4.1~git20080131-1ubuntu9.3_lpia.deb\r\n Size/MD5: 12689680 c13d0579462e5b5670ce844f431e495a\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.4.1~git20080131-1ubuntu9.3_lpia.deb\r\n Size/MD5: 4062862 0c093940678bbbad41bdbcb18ab3d011\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.4.1~git20080131-1ubuntu9.3_lpia.deb\r\n Size/MD5: 695136 db246451517711afe8b7f771c29db5f8\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.4.1~git20080131-1ubuntu9.3_lpia.deb\r\n Size/MD5: 1863406 cda78b5ae08ebfbbebfddeb743c29f00\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.4.1~git20080131-1ubuntu9.3_powerpc.deb\r\n Size/MD5: 1851038 874ca0d405ac9132c4c300fd580c2d5b\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xephyr_1.4.1~git20080131-1ubuntu9.3_powerpc.deb\r\n Size/MD5: 2001730 91455b231910049fd5fcf6ca8d33a850\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.4.1~git20080131-1ubuntu9.3_powerpc.deb\r\n Size/MD5: 13274040 9368fc62c7f0cc50e48cb9674560f17a\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.4.1~git20080131-1ubuntu9.3_powerpc.deb\r\n Size/MD5: 4516374 f0127ac6feb505cb40a05611831d4cbc\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.4.1~git20080131-1ubuntu9.3_powerpc.deb\r\n Size/MD5: 695168 3971b6932f08e2daa66ec1454a5aea1a\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.4.1~git20080131-1ubuntu9.3_powerpc.deb\r\n Size/MD5: 1962906 1a2018a2149bb89ddc69dbe047ab2d25\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.4.1~git20080131-1ubuntu9.3_sparc.deb\r\n Size/MD5: 1771286 22fba626b71d09e44214dd449866011f\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xephyr_1.4.1~git20080131-1ubuntu9.3_sparc.deb\r\n Size/MD5: 1913674 3b35db9506426ebfb71414e056e22473\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.4.1~git20080131-1ubuntu9.3_sparc.deb\r\n Size/MD5: 12637974 4ac05220c08d1f4e54d5be1deda91822\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.4.1~git20080131-1ubuntu9.3_sparc.deb\r\n Size/MD5: 4166220 dcf95738f59cd93daf1f6ddb4b14ad94\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.4.1~git20080131-1ubuntu9.3_sparc.deb\r\n Size/MD5: 695508 c862e70557e5c2fdb8263b70b33184f2\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.4.1~git20080131-1ubuntu9.3_sparc.deb\r\n Size/MD5: 1877366 5a4711a34425170d91990f4d509a36b7\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.6.0-0ubuntu14.2.diff.gz\r\n Size/MD5: 115208 69e04a09b467bb3d3cd9e314ba26993b\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.6.0-0ubuntu14.2.dsc\r\n Size/MD5: 3152 0b861bd6318e201022295571b849b6b7\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.6.0.orig.tar.gz\r\n Size/MD5: 6265827 83f9610a5902c6582777fc5265cfff54\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-common_1.6.0-0ubuntu14.2_all.deb\r\n Size/MD5: 69822 760f1e8ad68c983e5bce6a77469218f0\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 1463746 c5c87ee3207a717af4402ac29dfc2e34\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 6496594 cc74270f9b08a1fdb0a6e8c92f2fa73f\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 2320642 94992370c5cfb6e751ec6503483ca2ad\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 992248 a536a41e647c354f5627888082b9645b\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 1574640 f06f179f2829d8ac07b6a765da49d461\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 824416 29ae211f2bdb462b2f99e0dd10b3bba2\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 1553310 f569a2555a6bae4f12aa0b50412c092b\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 1663240 e27bc29894d5c1bad787486b1b5185ba\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xfbdev_1.6.0-0ubuntu14.2_amd64.deb\r\n Size/MD5: 1606374 dce7a64ff4ac30f9736a1926eb277516\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 1402014 fd05a910f5e81e8ba1411ef4c14ede5f\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 6271534 0d6f56ed1933b615fcb9127ccd3b0ad3\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 2178506 dc2b51882390ff74a7f7b2c02a4e0527\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 992248 4b2d27f92e32a52b297f585b73ff5b2b\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 1511502 3c49c255d06dea46d5cb56370a924367\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 810690 b2c6ee29bcb261c0f934c14706849fd0\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 1493936 1b8f72305ef14bed8496f82460589d8f\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 1588124 25c8a5c62454000441ae24f53f230ce9\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xfbdev_1.6.0-0ubuntu14.2_i386.deb\r\n Size/MD5: 1536610 589406ea77e55d31a1df039ab2dec540\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 1389084 1b9aa6dc848ba6b26d1ea270b2cdeea2\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 6310796 d2a34fde6ea32cf85da324a3110dd6a2\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 2165378 ff99fb03803a8255ec960299684a1ca1\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 992264 ac2081ce2c24524b03b21b0a30f1dc3e\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 1500002 e6baf7cacce646892164c1bf9773a520\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx-tools_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 810284 e7895f6267af2f48c1098a6af066bca4\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 1490582 48c15275c1663cd3e78074a6e93d9dbc\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xephyr_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 1575448 ee3af0e234cb4844d5f9d56023608e0b\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xfbdev_1.6.0-0ubuntu14.2_lpia.deb\r\n Size/MD5: 1524950 a2e3fbf8e303a5f5b52b2d2654d50aa3\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 1448218 c339df83e6c3133cec29a7b8783625a9\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 6550196 8f83d30765afac5420def5b3f2e7d46f\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 2317058 630f25d9a243ad431159d72fe16cdfd8\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 992328 b10a7dea06937c32a700b8c657d209cd\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 1557894 37bae02c2d03a1d53aa5233f818928b3\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx-tools_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 833308 7f8aa2931159dcae6f91ed200a13d673\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 1540960 6e4bb7b459e4514ec8d8fcc2d06fe598\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xephyr_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 1639676 3b8652e744fe05109c424a08ac220472\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xfbdev_1.6.0-0ubuntu14.2_powerpc.deb\r\n Size/MD5: 1585520 f96d81e595a55d8b21f2a7b26b19f48d\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 1385718 93e50f53e2d470da13d3f154e10f50cc\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 6197352 5a818034d5c75657626cdecf5c2c6180\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 2153064 196cef1384cc76ec6690aa8c3529ca3b\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 992616 5bca05fb62299a9d5ce2a3519f95f10d\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 1488264 df00bbc202218d0299908d42aa63cf20\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx-tools_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 813120 814cf2749e28fae6d33ba95ee40ffe21\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 1469358 a5842815a7722bf24df9fae551efc4db\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xephyr_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 1564228 758fb70b5fd52e64448685c3305449f1\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xfbdev_1.6.0-0ubuntu14.2_sparc.deb\r\n Size/MD5: 1511720 a69b024848b6bab7c36f364a21838f56\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.6.4-2ubuntu4.3.diff.gz\r\n Size/MD5: 128245 ce0c5053213718efaba6a8a9fd624b94\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.6.4-2ubuntu4.3.dsc\r\n Size/MD5: 3109 ca00d7721282ae3c67478c44cd53adb9\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.6.4.orig.tar.gz\r\n Size/MD5: 6173072 b03a1c9712eb316c9d6811f944f0743a\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-common_1.6.4-2ubuntu4.3_all.deb\r\n Size/MD5: 75092 d20abc1f90ae9ba2b77c789184263f23\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 1491672 4ce86e408667e08e508abcc6608a1fe3\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xephyr_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 1696044 aa915244716aaae6e39d45f284aedcc2\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 6470518 b7526a1aa804ca9a356da71d4e3e4a23\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 2357472 60614301ce678fd26b50292912fc2d1a\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 1016384 1bfd58a051c775c71752efab6e509cf6\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 1605856 4297f4f094533fdb21ad83424b4913be\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 848588 dda88501fd512d3eb16ad1b84b863e00\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 1585798 da2019dc152733812e9bdfb66c35bedf\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xfbdev_1.6.4-2ubuntu4.3_amd64.deb\r\n Size/MD5: 1635974 02985a60c09aed16e1d3e183efe8d82b\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 1437204 7560ba166336198927a199129b863ae9\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xephyr_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 1627448 1b04db4974223f9f9b379ddd55df5c90\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 6384770 3aba1f7ed77d671db7151d4def75d8ee\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 2215062 27c1696d1ccac16361b9609cb1d1d253\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 1016450 c87842ddb517db93079acf296ff0bec5\r\n http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 1549934 27c40ee55f4110d33dd17108c80e9e38\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 835350 caef6f7b0197520a3d86212c84aae2f0\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 1530154 c44245cf43278a8b7f57ecf77ea4e064\r\n http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xfbdev_1.6.4-2ubuntu4.3_i386.deb\r\n Size/MD5: 1574330 60a2381b76381d2d4b0014903df26a6d\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 1425262 a22d3779cc171d6986d87cc3e9bd3f62\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xephyr_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 1616822 93cc7a028d03d70a8a4a6fb586026213\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 6418688 2911be3efc13823844e1086982a5ec20\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 2200082 a1829ee4acf991b8634b0e67371d625a\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 1016394 6b312ad58c62e7a45506c630fcc5290b\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 1538676 1b69bc0851769f2db8c17c8889f90bce\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx-tools_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 835220 0ca9bc627fd51714c11d225f13b0b496\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 1529200 fd5fd3cbbc273703094f51ecc0bee21b\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xfbdev_1.6.4-2ubuntu4.3_lpia.deb\r\n Size/MD5: 1563328 4923ae3d290f0569cc33c672ab976280\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 1465160 ae78bdf3bd865c3d9e7d7bee28e7eab9\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xephyr_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 1662854 0892e3850a6e7c9882c106c15f9c913f\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 6638026 c03bf07b725c73cf03712095c38ad928\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 2295024 7b7b20dcc14b7e974eb3561941d88400\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 1016502 09646a033fa77960f44eadc8e51a9148\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 1580340 3ee007d1ea567229a12eb502266f9982\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx-tools_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 844678 cb1865184ae02f17a5c3e4bfd777ee8f\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 1567674 8804c4961eb15a96ee4f4338df6ebd5b\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xfbdev_1.6.4-2ubuntu4.3_powerpc.deb\r\n Size/MD5: 1607274 c5600153044004d0cbd402a4c1d4f81a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xnest_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 1408310 f189ad0f858484365550978cc2c86a9a\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xephyr_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 1591620 5b9ca55b813f198b56af7219b4b6da58\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core-dbg_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 6323176 38ffd676c894c39994a6925fd794006f\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-core_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 2182776 c813ff168ce7d661c2623c86307f52f9\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xserver-xorg-dev_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 1016798 44c81fbc50eafac03c7114f2db5f033c\r\n http://ports.ubuntu.com/pool/main/x/xorg-server/xvfb_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 1516712 1bb12e448345de2296f8e4ab2f85db28\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx-tools_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 837762 9008801ac28bfa55bafc4ff077ed1de5\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xdmx_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 1500734 a23879d63c4a922e00b88c9e7154a6e6\r\n http://ports.ubuntu.com/pool/universe/x/xorg-server/xserver-xfbdev_1.6.4-2ubuntu4.3_sparc.deb\r\n Size/MD5: 1540062 9f4ba329373dea57f9fb77b9a5b86f4e\r\n", "edition": 1, "modified": "2010-05-21T00:00:00", "published": "2010-05-21T00:00:00", "id": "SECURITYVULNS:DOC:23899", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23899", "title": "[Suspected Spam][USN-939-1] X.org vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}