Lucene search
SuseSUSE-SA:2008:003HistoryJan 17, 2008 - 3:28 p.m.
remote code execution in Xorg and XFree
2008-01-1715:28:59
lists.opensuse.org
35
0.54 Medium
EPSS
Percentile
97.3%
The X windows system is vulnerable to several kind of vulner- abilities that are caused due to insufficient input validation. The bugs range from crashing the X server to executing arbitrary code with the privilges of the X server process. For a successful attack the opponent needs shell access to the vulnerable system (local) or an already established connection to the X server. Thanks to US CERT and iDefense for reporting this vulnerabilities and to the Xorg-Security folks for fixing it. The Fixes are: - CVE-2007-5760: XFree86 Misc extension out of bounds array index - CVE-2007-5958: File existence disclosure - CVE-2007-6427: Xinput extension memory corruption - CVE-2007-6428: TOG-cup extension memory corruption - CVE-2007-6429: MIT-SHM and EVI extensions integer overflows - CVE-2008-0006: PCF Font parser buffer overflow
Solution
none
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| SUSE Linux Enterprise Server | 10.1 | s390x | xorg-x11-xvfb | <Β 6.9.0-50.54.5 | xorg-x11-Xvfb-6.9.0-50.54.5.s390x.rpm |
| openSUSE | 10.3 | i586 | xorg-x11-libs | <Β 7.2-103.4 | xorg-x11-libs-7.2-103.4.i586.rpm |
| openSUSE | 10.1 | x86_64 | xorg-x11-devel | <Β 6.9.0-50.54.5 | xorg-x11-devel-6.9.0-50.54.5.x86_64.rpm |
| openSUSE | 10.2 | ppc | xorg-x11-server | <Β 7.2-30.11 | xorg-x11-server-7.2-30.11.ppc.rpm |
| openSUSE | 10.1 | ppc | xorg-x11-devel | <Β 6.9.0-50.54.5 | xorg-x11-devel-6.9.0-50.54.5.ppc.rpm |
| openSUSE | 10.1 | x86_64 | xorg-x11-xvfb | <Β 6.9.0-50.54.5 | xorg-x11-Xvfb-6.9.0-50.54.5.x86_64.rpm |
| openSUSE | 10.2 | i586 | xorg-x11-server-sdk | <Β 7.2-30.11 | xorg-x11-server-sdk-7.2-30.11.i586.rpm |
| openSUSE | 10.3 | i586 | xorg-x11-server-extra | <Β 7.2-143.9 | xorg-x11-server-extra-7.2-143.9.i586.rpm |
| openSUSE | 10.3 | i586 | xorg-x11-server | <Β 7.2-143.9 | xorg-x11-server-7.2-143.9.i586.rpm |
| openSUSE | 10.2 | x86_64 | xorg-x11-server-sdk | <Β 7.2-30.11 | xorg-x11-server-sdk-7.2-30.11.x86_64.rpm |
Related
nessus
nessus
Solaris 10 (sparc) : 125719-58 (deprecated)
2007-10-12 00:00:00
Debian DSA-1466-1 : xorg-server - several vulnerabilities
2008-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
2008-01-22 15:32:21
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
2008-01-22 15:49:43
[SECURITY] Fedora 7 Update: libXfont-1.2.9-3.fc7
2008-01-22 15:59:35
debian
debian
[SECURITY] [DSA 1466-3] New xfree86 packages fix regression
2008-01-21 18:53:21
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression
2008-01-19 13:10:16
[SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities
2008-01-17 18:55:05
securityvulns
securityvulns
XFree86 / X.Org / NX multiple security vulnerabilities
2008-04-08 00:00:00
[USN-571-1] X.org vulnerabilities
2008-01-20 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200804-05 (nx, nxnode)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200804-05 (nx, nxnode)
2008-09-24 00:00:00
Debian Security Advisory DSA 1466-2 (xorg-server, libxfont, xfree86)
2008-01-31 00:00:00
ubuntu
ubuntu
X.org regression
2008-01-19 00:00:00
X.org vulnerabilities
2008-01-18 00:00:00
freebsd
freebsd
xorg -- multiple vulnerabilities
2008-01-18 00:00:00
osv
osv
libxfont xfree86 xorg-server - several vulnerabilities
2008-01-21 00:00:00
gentoo
gentoo
X.Org X server and Xfont library: Multiple vulnerabilities
2008-01-20 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11-server security update
2008-01-17 00:00:00
Important: xorg-x11 security update
2008-01-17 00:00:00
Important: XFree86 security update
2008-01-18 00:00:00
redhat
redhat
(RHSA-2008:0031) Important: xorg-x11-server security update
2008-01-17 00:00:00
(RHSA-2008:0030) Important: xorg-x11 security update
2008-01-17 00:00:00
(RHSA-2008:0029) Important: XFree86 security update
2008-01-18 00:00:00
centos
centos
xorg security update
2008-01-18 23:23:09
xorg security update
2008-01-18 01:10:07
XFree86 security update
2008-01-18 15:04:04
altlinux
altlinux
debiancve
debiancve
prion
prion
Design/Logic Flaw
2008-01-18 23:00:00
Cross site request forgery (csrf)
2008-01-18 23:00:00
Design/Logic Flaw
2008-01-18 23:00:00
cve
cve
ubuntucve
ubuntucve
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:24:16
Arbitrary Code Execution
2020-04-10 00:24:16
Information Disclosure
2020-04-10 00:24:16
packetstorm
packetstorm
xorg-disclose.txt
2008-02-20 00:00:00
seebug
seebug
X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
2014-07-01 00:00:00
X.Org xorg-server <= 1.1.1-48.13 Probe for Files Exploit PoC
2008-02-21 00:00:00
X.Org X Server MIT-SHMεEVIζ©ε±ζ΄ζ°ζΊ’εΊζΌζ΄
2008-01-22 00:00:00
exploitpack
exploitpack
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00
checkpoint_advisories
checkpoint_advisories
X.Org X Server PCF Font Parser Buffer Overflow (CVE-2008-0006)
2010-02-25 00:00:00
cert
cert
X.Org PCF font parser buffer overflow
2008-03-19 00:00:00
jvn
jvn
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
2008-06-10 00:00:00
exploitdb
exploitdb
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00