ID de Prueba:	1.3.6.1.4.1.25623.1.0.51081
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:060
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:060. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local attacker could exploit this vulnerability by creating a carefully-crafted file and gaining root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0083 and CVE-2004-0084 to these issues. Additionally David Dawes discovered additional flaws in reading font files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0106 to these issues. All users of XFree86 are advised to upgrade to these erratum packages, which contain a backported fix and are not vulnerable to these issues. Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-060.html http://www.idefense.com/application/poi/display?id=72 http://www.idefense.com/application/poi/display?id=73 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0083 BugTraq ID: 9636 http://www.securityfocus.com/bid/9636 Bugtraq: 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow (Google Search) http://marc.info/?l=bugtraq&m=107644835523678&w=2 Bugtraq: 20040211 XFree86 vulnerability exploit (Google Search) http://marc.info/?l=bugtraq&m=107653324115914&w=2 CERT/CC vulnerability note: VU#820006 http://www.kb.cert.org/vuls/id/820006 Conectiva Linux advisory: CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 Debian Security Information: DSA-443 (Google Search) http://www.debian.org/security/2004/dsa-443 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 http://www.idefense.com/application/poi/display?id=72 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612 http://www.redhat.com/support/errata/RHSA-2004-059.html http://www.redhat.com/support/errata/RHSA-2004-060.html http://www.redhat.com/support/errata/RHSA-2004-061.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 SuSE Security Announcement: SuSE-SA:2004:006 (Google Search) http://www.novell.com/linux/security/advisories/2004_06_xf86.html XForce ISS Database: xfree86-fontalias-bo(15130) https://exchange.xforce.ibmcloud.com/vulnerabilities/15130 Common Vulnerability Exposure (CVE) ID: CVE-2004-0084 BugTraq ID: 9652 http://www.securityfocus.com/bid/9652 Bugtraq: 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II (Google Search) http://marc.info/?l=bugtraq&m=107662833512775&w=2 CERT/CC vulnerability note: VU#667502 http://www.kb.cert.org/vuls/id/667502 http://www.idefense.com/application/poi/display?id=73 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831 XForce ISS Database: xfree86-copyisolatin1lLowered-bo(15200) https://exchange.xforce.ibmcloud.com/vulnerabilities/15200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832 XForce ISS Database: xfree86-multiple-font-improper-handling(15206) https://exchange.xforce.ibmcloud.com/vulnerabilities/15206
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.