Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-571-2
HistoryJan 19, 2008 - 12:00 a.m.

X.org regression

2008-01-1900:00:00
ubuntu.com
54

7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.459 Medium

EPSS

Percentile

97.4%

JSON

Releases

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06

Packages

  • xorg-server -

Details

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were
incomplete, and under certain situations, applications using the MIT-SHM
extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
function arguments. An authenticated attacker could send specially
crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427,
CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when
attempting to open security policy files. Local attackers could exploit
this to probe for files in directories they would not normally be able
to access. (CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly
validate the size of fonts. An authenticated attacker could load a
specially crafted font and gain additional privileges. (CVE-2008-0006)

OSVersionArchitecturePackageVersionFilename
Ubuntu7.10noarchxserver-xorg-core<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxdmx<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxdmx-tools<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxnest<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxprint<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxserver-xephyr<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxserver-xorg-core-dbg<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxserver-xorg-dev<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.10noarchxvfb<Β 2:1.3.0.0.dfsg-12ubuntu8.3UNKNOWN
Ubuntu7.04noarchxserver-xorg-core<Β 2:1.2.0-3ubuntu8.3UNKNOWN
Rows per page:
1-10 of 291

Related

suse 1
fedora 4
nessus 48
debian 3
securityvulns 6
openvas 44
osv 1
gentoo 1
ubuntu 1
freebsd 1
oraclelinux 4
centos 5
redhat 4
altlinux 2
ubuntucve 6
cve 6
debiancve 6
prion 6
veracode 6
packetstorm 1
seebug 3
exploitpack 1
checkpoint_advisories 1
cert 1
jvn 1
exploitdb 1
suse
suse
remote code execution in Xorg and XFree
2008-01-17 15:28:59
fedora
fedora
[SECURITY] Fedora 7 Update: xorg-x11-server-1.3.0.0-15.fc7
2008-01-22 15:49:43
[SECURITY] Fedora 8 Update: xorg-x11-server-1.3.0.0-39.fc8
2008-01-22 15:32:21
[SECURITY] Fedora 7 Update: libXfont-1.2.9-3.fc7
2008-01-22 15:59:35
nessus
nessus
Solaris 10 (sparc) : 125719-58 (deprecated)
2007-10-12 00:00:00
Debian DSA-1466-1 : xorg-server - several vulnerabilities
2008-01-27 00:00:00
FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961)
2008-01-27 00:00:00
debian
debian
[SECURITY] [DSA 1466-3] New xfree86 packages fix regression
2008-01-21 18:53:21
[SECURITY] [DSA 1466-2] New xorg-server packages fix regression
2008-01-19 13:10:16
[SECURITY] [DSA 1466-1] New xorg-server packages fix several vulnerabilities
2008-01-17 18:55:05
securityvulns
securityvulns
XFree86 / X.Org / NX multiple security vulnerabilities
2008-04-08 00:00:00
[USN-571-1] X.org vulnerabilities
2008-01-20 00:00:00
iDefense Security Advisory 01.17.08: Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability
2008-01-20 00:00:00
openvas
openvas
FreeBSD Ports: xorg-server
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200801-09 (xorg-server libXfont)
2008-09-24 00:00:00
Fedora Update for xorg-x11-server FEDORA-2008-0760
2009-02-17 00:00:00
osv
osv
libxfont xfree86 xorg-server - several vulnerabilities
2008-01-21 00:00:00
gentoo
gentoo
X.Org X server and Xfont library: Multiple vulnerabilities
2008-01-20 00:00:00
ubuntu
ubuntu
X.org vulnerabilities
2008-01-18 00:00:00
freebsd
freebsd
xorg -- multiple vulnerabilities
2008-01-18 00:00:00
oraclelinux
oraclelinux
Important: xorg-x11-server security update
2008-01-17 00:00:00
Important: XFree86 security update
2008-01-18 00:00:00
Important: xorg-x11 security update
2008-01-17 00:00:00
centos
centos
xorg security update
2008-01-18 23:23:09
xorg security update
2008-01-18 01:10:07
XFree86 security update
2008-01-18 15:04:04
redhat
redhat
(RHSA-2008:0031) Important: xorg-x11-server security update
2008-01-17 00:00:00
(RHSA-2008:0030) Important: xorg-x11 security update
2008-01-17 00:00:00
(RHSA-2008:0029) Important: XFree86 security update
2008-01-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.4.0.90-alt5
2008-01-17 00:00:00
Security fix for the ALT Linux 10 package xorg-server version 2:1.4.0.90-alt6
2008-01-18 00:00:00
ubuntucve
ubuntucve
CVE-2007-5760
2008-01-18 00:00:00
CVE-2007-6428
2008-01-18 00:00:00
CVE-2007-5958
2008-01-18 00:00:00
cve
cve
CVE-2007-5760
2008-01-18 23:00:00
CVE-2007-6428
2008-01-18 23:00:00
CVE-2007-5958
2008-01-18 23:00:00
debiancve
debiancve
CVE-2007-5760
2008-01-18 23:00:00
CVE-2007-5958
2008-01-18 23:00:00
CVE-2007-6428
2008-01-18 23:00:00
prion
prion
Design/Logic Flaw
2008-01-18 23:00:00
Cross site request forgery (csrf)
2008-01-18 23:00:00
Design/Logic Flaw
2008-01-18 23:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:24:16
Information Disclosure
2020-04-10 00:24:16
Arbitrary Code Execution
2020-04-10 00:24:16
packetstorm
packetstorm
xorg-disclose.txt
2008-02-20 00:00:00
seebug
seebug
X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
2014-07-01 00:00:00
X.Org xorg-server &lt;= 1.1.1-48.13 Probe for Files Exploit PoC
2008-02-21 00:00:00
X.Org X Server MIT-SHM及EVIζ‰©ε±•ζ•΄ζ•°ζΊ’ε‡ΊζΌζ΄ž
2008-01-22 00:00:00
exploitpack
exploitpack
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00
checkpoint_advisories
checkpoint_advisories
X.Org X Server PCF Font Parser Buffer Overflow (CVE-2008-0006)
2010-02-25 00:00:00
cert
cert
X.Org PCF font parser buffer overflow
2008-03-19 00:00:00
jvn
jvn
JVN#88935101: X.Org Foundation X server buffer overflow vulnerability
2008-06-10 00:00:00
exploitdb
exploitdb
X.Org xorg-server 1.1.1-48.13 - Probe for Files (PoC)
2008-02-19 00:00:00

7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.459 Medium

EPSS

Percentile

97.4%

JSON
Related for USN-571-2
suse1fedora4nessus48debian3securityvulns6openvas44osv1gentoo1ubuntu1freebsd1oraclelinux4centos5redhat4altlinux2ubuntucve6cve6debiancve6prion6veracode6packetstorm1seebug3exploitpack1checkpoint_advisories1cert1jvn1exploitdb1