ID de Prueba:	1.3.6.1.4.1.25623.1.0.51336
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2004:821
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2004:821. XFree86[1] is a freely redistributable open-source implementation of the X Window System, which is a client/server interface between display hardware and the desktop environment. Xlib is one of the main libraries of XFree86 (libX11.so.6). The following issues are being addressed in this update: - Improper handling of font files (CVE-2004-0083[2], CVE-2004-0084[4] and CVE-2004-0106[6]) Greg MacManus from iDEFENSE Labs discovered[3][5] two vulnerabilities in the way the X server deals with font files. David Dawes from the XFree86 team did some further audit and found more similar problems[6]. All these vulnerabilities allow attackers who can authenticate against the X server, or locally start it, to execute arbitrary code as root. - Multiple integer overflows in font libraries (CVE-2003-0730)[7] blexim@hush.com of isen reported[8] multiple integer overflows in the XFree86 font libraries that allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0083 BugTraq ID: 9636 http://www.securityfocus.com/bid/9636 Bugtraq: 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow (Google Search) http://marc.info/?l=bugtraq&m=107644835523678&w=2 Bugtraq: 20040211 XFree86 vulnerability exploit (Google Search) http://marc.info/?l=bugtraq&m=107653324115914&w=2 CERT/CC vulnerability note: VU#820006 http://www.kb.cert.org/vuls/id/820006 Conectiva Linux advisory: CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 Debian Security Information: DSA-443 (Google Search) http://www.debian.org/security/2004/dsa-443 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 http://www.idefense.com/application/poi/display?id=72 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612 http://www.redhat.com/support/errata/RHSA-2004-059.html http://www.redhat.com/support/errata/RHSA-2004-060.html http://www.redhat.com/support/errata/RHSA-2004-061.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 SuSE Security Announcement: SuSE-SA:2004:006 (Google Search) http://www.novell.com/linux/security/advisories/2004_06_xf86.html XForce ISS Database: xfree86-fontalias-bo(15130) https://exchange.xforce.ibmcloud.com/vulnerabilities/15130 Common Vulnerability Exposure (CVE) ID: CVE-2004-0084 BugTraq ID: 9652 http://www.securityfocus.com/bid/9652 Bugtraq: 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II (Google Search) http://marc.info/?l=bugtraq&m=107662833512775&w=2 CERT/CC vulnerability note: VU#667502 http://www.kb.cert.org/vuls/id/667502 http://www.idefense.com/application/poi/display?id=73 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831 XForce ISS Database: xfree86-copyisolatin1lLowered-bo(15200) https://exchange.xforce.ibmcloud.com/vulnerabilities/15200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832 XForce ISS Database: xfree86-multiple-font-improper-handling(15206) https://exchange.xforce.ibmcloud.com/vulnerabilities/15206 Common Vulnerability Exposure (CVE) ID: CVE-2003-0730 BugTraq ID: 8514 http://www.securityfocus.com/bid/8514 Bugtraq: 20030830 Multiple integer overflows in XFree86 (local/remote) (Google Search) http://marc.info/?l=bugtraq&m=106229335312429&w=2 Debian Security Information: DSA-380 (Google Search) http://www.debian.org/security/2003/dsa-380 http://www.mandriva.com/security/advisories?name=MDKSA-2003:089 NETBSD Security Advisory: NetBSD-SA2003-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc http://www.redhat.com/support/errata/RHSA-2003-286.html http://www.redhat.com/support/errata/RHSA-2003-287.html http://www.redhat.com/support/errata/RHSA-2003-288.html http://www.redhat.com/support/errata/RHSA-2003-289.html http://secunia.com/advisories/24168 http://secunia.com/advisories/24247 SGI Security Advisory: 20031101-01-U ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1 http://www.vupen.com/english/advisories/2007/0589
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.