Lucene search
SuseSUSE-SA:2005:056HistorySep 26, 2005 - 1:04 p.m.
remote command execution in XFree86-server,xorg-x11-server
2005-09-2613:04:19
lists.opensuse.org
11
0.025 Low
EPSS
Percentile
88.9%
The X server memory can be accessed my a malicious X client by exploiting a missing range check in the function XCreatePixmap(). This bug can probably be used to execute arbitrary code with the privileges of the X server (root).
Solution
There is no work-around known.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.0 | i586 | xfree86-server | < 4.3.0.1-60 | XFree86-server-4.3.0.1-60.i586.rpm |
| openSUSE | 9.0 | x86_64 | xfree86-server | < 4.3.0.1-60 | XFree86-server-4.3.0.1-60.x86_64.rpm |
| openSUSE | 9.2 | x86_64 | xorg-x11-server | < 6.8.1-15.9 | xorg-x11-server-6.8.1-15.9.x86_64.rpm |
| openSUSE | 9.1 | x86_64 | xfree86-server | < 4.3.99.902-43.50.3 | XFree86-server-4.3.99.902-43.50.3.x86_64.rpm |
| openSUSE | 9.2 | i586 | xorg-x11-server | < 6.8.1-15.9 | xorg-x11-server-6.8.1-15.9.i586.rpm |
| openSUSE | 9.1 | i586 | xfree86-server | < 4.3.99.902-43.50.3 | XFree86-server-4.3.99.902-43.50.3.i586.rpm |
| openSUSE | 9.3 | i586 | xorg-x11-server | < 6.8.2-30.4 | xorg-x11-server-6.8.2-30.4.i586.rpm |
| openSUSE | 9.3 | x86_64 | xorg-x11-server | < 6.8.2-30.4 | xorg-x11-server-6.8.2-30.4.x86_64.rpm |
Related
redhat
redhat
(RHSA-2005:396) xorg-x11 security update
2005-09-13 00:00:00
(RHSA-2005:501) XFree86 security update
2005-09-15 00:00:00
(RHSA-2005:329) XFree86 security update
2005-09-12 00:00:00
nessus
nessus
RHEL 2.1 : XFree86 (RHSA-2005:329)
2005-09-13 00:00:00
CentOS 3 : XFree86 (CESA-2005:501)
2006-07-03 00:00:00
Fedora Core 4 : xorg-x11-6.8.2-37.FC4.48.1 (2005-894)
2005-09-17 00:00:00
ubuntu
ubuntu
X server vulnerability
2005-09-12 00:00:00
centos
centos
XFree86 security update
2005-09-13 23:21:44
xorg security update
2005-09-13 18:53:55
XFree86 security update
2005-09-15 10:48:27
openvas
openvas
FreeBSD Ports: XFree86-Server
2008-09-04 00:00:00
SLES9: Security update for XFree86-server
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200509-07 (X.Org)
2008-09-24 00:00:00
gentoo
gentoo
X.Org: Heap overflow in pixmap allocation
2005-09-12 00:00:00
securityvulns
securityvulns
[Full-disclosure] [USN-182-1] X server vulnerability
2005-09-12 00:00:00
cert
cert
Multiple X servers fail to properly allocate memory for large pixmaps
2005-09-13 00:00:00
cve
cve
CVE-2005-2495
2005-09-15 20:03:00
freebsd
freebsd
X11 server -- pixmap allocation vulnerability
2005-09-12 00:00:00
slackware
slackware
X.Org pixmap overflow
2005-09-26 10:43:04
ubuntucve
ubuntucve
CVE-2005-2495
2005-09-15 00:00:00
debian
debian
[SECURITY] [DSA 816-1] New XFree86 packages fix arbitrary code execution
2005-09-22 08:57:47
[SECURITY] [DSA 816-1] New XFree86 packages fix arbitrary code execution
2005-09-22 08:57:47
osv
osv
xfree86 - integer overflow
2005-09-19 00:00:00