English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.120017
Categoría:Amazon Linux Local Security Checks
Título:Amazon Linux: Security Advisory (ALAS-2014-452)
Resumen:The remote host is missing an update for the 'libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel' package(s) announced via the ALAS-2014-452 advisory.
Descripción:Summary:
The remote host is missing an update for the 'libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel' package(s) announced via the ALAS-2014-452 advisory.

Vulnerability Insight:
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way various X11 client libraries handled certain protocol data. An attacker able to submit invalid protocol data to an X11 server via a malicious X11 client could use either of these flaws to potentially escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003, CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds write flaws, were found in the way various X11 client libraries handled data returned from an X11 server. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices() function of X.Org X11's libXi runtime library handled signed numbers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used uninitialized pointers. A malicious X11 server could possibly use this flaw to execute arbitrary code with the privileges of the user running an X11 client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the Core X11 protocol client library, processed certain user-specified files. A malicious X11 server could possibly use this flaw to crash an X11 client via a specially crafted file. (CVE-2013-2004)

Affected Software/OS:
'libX11, libXcursor, libXfixes, libXi, libXrandr, libXrender, libXres, libXt, libXv, libXvMC, libXxf86dga, libXxf86vm, libdmx, xorg-x11-proto-devel' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1981
BugTraq ID: 60120
http://www.securityfocus.com/bid/60120
Debian Security Information: DSA-2693 (Google Search)
http://www.debian.org/security/2013/dsa-2693
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106781.html
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1854-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1982
Debian Security Information: DSA-2682 (Google Search)
http://www.debian.org/security/2013/dsa-2682
SuSE Security Announcement: openSUSE-SU-2013:1009 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00139.html
http://www.ubuntu.com/usn/USN-1857-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1983
Debian Security Information: DSA-2676 (Google Search)
http://www.debian.org/security/2013/dsa-2676
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106794.html
SuSE Security Announcement: openSUSE-SU-2013:1014 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00144.html
http://www.ubuntu.com/usn/USN-1858-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1984
Debian Security Information: DSA-2683 (Google Search)
http://www.debian.org/security/2013/dsa-2683
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106913.html
SuSE Security Announcement: openSUSE-SU-2013:1033 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00161.html
http://www.ubuntu.com/usn/USN-1859-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1985
Debian Security Information: DSA-2691 (Google Search)
http://www.debian.org/security/2013/dsa-2691
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106845.html
SuSE Security Announcement: openSUSE-SU-2013:1026 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00154.html
http://www.ubuntu.com/usn/USN-1860-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1986
Debian Security Information: DSA-2684 (Google Search)
http://www.debian.org/security/2013/dsa-2684
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106857.html
SuSE Security Announcement: openSUSE-SU-2013:1028 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00156.html
http://www.ubuntu.com/usn/USN-1862-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1987
BugTraq ID: 60132
http://www.securityfocus.com/bid/60132
Debian Security Information: DSA-2677 (Google Search)
http://www.debian.org/security/2013/dsa-2677
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106862.html
SuSE Security Announcement: openSUSE-SU-2013:1011 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00141.html
http://www.ubuntu.com/usn/USN-1863-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1988
Debian Security Information: DSA-2688 (Google Search)
http://www.debian.org/security/2013/dsa-2688
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106880.html
SuSE Security Announcement: openSUSE-SU-2013:1027 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00155.html
http://www.ubuntu.com/usn/USN-1864-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1989
Debian Security Information: DSA-2674 (Google Search)
http://www.debian.org/security/2013/dsa-2674
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106889.html
SuSE Security Announcement: openSUSE-SU-2013:1010 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00140.html
http://www.ubuntu.com/usn/USN-1867-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1990
Debian Security Information: DSA-2675 (Google Search)
http://www.debian.org/security/2013/dsa-2675
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106766.html
SuSE Security Announcement: openSUSE-SU-2013:1025 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00153.html
http://www.ubuntu.com/usn/USN-1868-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1991
Debian Security Information: DSA-2690 (Google Search)
http://www.debian.org/security/2013/dsa-2690
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106870.html
http://www.ubuntu.com/usn/USN-1869-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1995
BugTraq ID: 60124
http://www.securityfocus.com/bid/60124
Common Vulnerability Exposure (CVE) ID: CVE-2013-1997
Common Vulnerability Exposure (CVE) ID: CVE-2013-1998
BugTraq ID: 60127
http://www.securityfocus.com/bid/60127
Common Vulnerability Exposure (CVE) ID: CVE-2013-1999
Common Vulnerability Exposure (CVE) ID: CVE-2013-2000
Common Vulnerability Exposure (CVE) ID: CVE-2013-2001
Debian Security Information: DSA-2692 (Google Search)
http://www.debian.org/security/2013/dsa-2692
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106872.html
SuSE Security Announcement: openSUSE-SU-2013:1041 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00165.html
http://www.ubuntu.com/usn/USN-1870-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2002
BugTraq ID: 60137
http://www.securityfocus.com/bid/60137
Debian Security Information: DSA-2680 (Google Search)
http://www.debian.org/security/2013/dsa-2680
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html
SuSE Security Announcement: openSUSE-SU-2013:1008 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html
http://www.ubuntu.com/usn/USN-1865-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2003
BugTraq ID: 60121
http://www.securityfocus.com/bid/60121
Debian Security Information: DSA-2681 (Google Search)
http://www.debian.org/security/2013/dsa-2681
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106791.html
http://www.ubuntu.com/usn/USN-1856-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2004
Common Vulnerability Exposure (CVE) ID: CVE-2013-2005
BugTraq ID: 60133
http://www.securityfocus.com/bid/60133
Common Vulnerability Exposure (CVE) ID: CVE-2013-2062
Debian Security Information: DSA-2685 (Google Search)
http://www.debian.org/security/2013/dsa-2685
SuSE Security Announcement: openSUSE-SU-2013:1046 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00170.html
http://www.ubuntu.com/usn/USN-1861-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2064
BugTraq ID: 60148
http://www.securityfocus.com/bid/60148
Debian Security Information: DSA-2686 (Google Search)
http://www.debian.org/security/2013/dsa-2686
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106752.html
SuSE Security Announcement: openSUSE-SU-2013:1007 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-06/msg00137.html
http://www.ubuntu.com/usn/USN-1855-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2066
CopyrightCopyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.