Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1232-2
HistoryOct 19, 2011 - 12:00 a.m.

X.Org X server regression

2011-10-1900:00:00
ubuntu.com
38

8 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON

Releases

  • Ubuntu 10.04

Packages

  • xorg-server - X.Org X server

Details

USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was
found on Ubuntu 10.04 LTS that affected GLX support.

This update temporarily disables the fix for CVE-2010-4818 that introduced
the regression.

We apologize for the inconvenience.

Original advisory details:

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial or service, or possibly execute arbitrary code
with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10.
(CVE-2010-4818)

It was discovered that the X server incorrectly handled certain malformed
input. An authorized attacker could exploit this to cause the X server to
crash, leading to a denial or service, or possibly read arbitrary data from
the X server process. This issue only affected Ubuntu 10.04 LTS.
(CVE-2010-4819)

Vladz discovered that the X server incorrectly handled lock files. A local
attacker could use this flaw to determine if a file existed or not.
(CVE-2011-4028)

Vladz discovered that the X server incorrectly handled setting lock file
permissions. A local attacker could use this flaw to gain read permissions
on arbitrary files and view sensitive information. (CVE-2011-4029)

OSVersionArchitecturePackageVersionFilename
Ubuntu10.04noarchxserver-xorg-core< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxdmx< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxdmx-tools< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxnest< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxserver-xephyr< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxserver-xfbdev< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxserver-xorg-core-dbg< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxserver-xorg-dev< 2:1.7.6-2ubuntu7.9UNKNOWN
Ubuntu10.04noarchxvfb< 2:1.7.6-2ubuntu7.9UNKNOWN

Related

securityvulns 2
openvas 40
nessus 33
ubuntu 2
centos 3
redhat 4
amazon 2
veracode 4
suse 2
gentoo 1
oraclelinux 4
freebsd 1
cve 4
ubuntucve 6
prion 4
debiancve 4
packetstorm 1
exploitpack 1
seebug 1
exploitdb 1
fedora 3
securityvulns
securityvulns
X.Org multiple security vulnerabilities
2011-10-20 00:00:00
[USN-1232-1] X.Org X server vulnerabilities
2011-10-20 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1232-3)
2011-10-21 00:00:00
Ubuntu Update for xorg-server USN-1232-2
2011-10-21 00:00:00
Ubuntu: Security Advisory (USN-1232-1)
2011-10-21 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 : xorg-server vulnerability (USN-1232-3)
2011-10-21 00:00:00
Ubuntu 10.04 LTS : xorg-server regression (USN-1232-2)
2011-10-20 00:00:00
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : xorg-server vulnerabilities (USN-1232-1)
2011-10-19 00:00:00
ubuntu
ubuntu
X.Org X server vulnerabilities
2011-10-18 00:00:00
X.Org X server vulnerability
2011-10-20 00:00:00
centos
centos
xorg security update
2011-10-06 22:11:34
xorg security update
2011-11-09 20:44:47
xorg security update
2012-07-10 17:26:54
redhat
redhat
(RHSA-2011:1359) Moderate: xorg-x11-server security update
2011-10-06 00:00:00
(RHSA-2011:1360) Moderate: xorg-x11 security update
2011-10-06 00:00:00
(RHSA-2012:0939) Low: xorg-x11-server security and bug fix update
2012-06-20 00:00:00
amazon
amazon
Medium: xorg-x11-server
2011-10-31 18:25:00
Low: xorg-x11-server
2012-07-05 16:24:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:42:01
Denial Of Service (DoS)
2020-04-10 01:07:03
Denial Of Service (DoS)
2020-04-10 01:07:03
suse
suse
xorg-x11-server (important)
2012-02-09 19:10:34
Security update for xorg-x11-server (important)
2011-12-02 08:08:16
gentoo
gentoo
X.Org X Server: Multiple vulnerabilities
2011-10-22 00:00:00
oraclelinux
oraclelinux
xorg-x11-server security and bug fix update
2012-06-27 00:00:00
xorg-x11-server security update
2011-10-06 00:00:00
xorg-x11 security update
2011-10-06 00:00:00
freebsd
freebsd
Xorg server -- two vulnerabilities in X server lock handling code
2011-10-18 00:00:00
cve
cve
CVE-2010-4818
2012-09-05 23:55:00
CVE-2010-4819
2012-09-05 23:55:00
CVE-2011-4029
2012-07-03 19:55:00
ubuntucve
ubuntucve
CVE-2010-4818
2011-10-03 00:00:00
CVE-2010-4819
2011-10-03 00:00:00
CVE-2011-4028
2011-10-18 00:00:00
prion
prion
Design/Logic Flaw
2012-09-05 23:55:00
Design/Logic Flaw
2012-09-05 23:55:00
Design/Logic Flaw
2012-07-03 19:55:00
debiancve
debiancve
CVE-2010-4819
2012-09-05 23:55:00
CVE-2010-4818
2012-09-05 23:55:00
CVE-2011-4029
2012-07-03 19:55:00
packetstorm
packetstorm
Xorg Permission Change
2011-10-27 00:00:00
exploitpack
exploitpack
X.Org xorg 1.4 1.11.2 - File Permission Change
2011-10-28 00:00:00
seebug
seebug
Xorg 1.4 to 1.11.2 File Permission Change PoC
2014-07-01 00:00:00
exploitdb
exploitdb
X.Org xorg 1.4 &lt; 1.11.2 - File Permission Change
2011-10-28 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: nx-libs-3.5.0.29-1.fc20
2015-03-26 21:29:40
[SECURITY] Fedora 21 Update: nx-libs-3.5.0.29-1.fc21
2015-03-26 21:51:39
[SECURITY] Fedora 22 Update: nx-libs-3.5.0.29-1.fc22
2015-03-21 04:53:26

8 High

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.2%

JSON
Related for USN-1232-2
securityvulns2openvas40nessus33ubuntu2centos3redhat4amazon2veracode4suse2gentoo1oraclelinux4freebsd1cve4ubuntucve6prion4debiancve4packetstorm1exploitpack1seebug1exploitdb1fedora3