FreeBSD Local Security Checks : FreeBSD Ports: xorg-server

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56449

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: xorg-server

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: xorg-server

CVE-2006-0745
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0
inadvertently treats the address of the geteuid function as if it is
the return value of a call to geteuid, which allows local users to
bypass intended restrictions and (1) execute arbitrary code via the

- modulepath command line option or (2) overwrite arbitrary files via

- logfile.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-0745
BugTraq ID: 17169
http://www.securityfocus.com/bid/17169
Bugtraq: 20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (Google Search)
http://www.securityfocus.com/archive/1/428230/100/0/threaded
Bugtraq: 20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (Google Search)
http://www.securityfocus.com/archive/1/428183/100/0/threaded
http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:056
http://www.osvdb.org/24000
http://www.osvdb.org/24001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697
http://securitytracker.com/id?1015793
http://secunia.com/advisories/19256
http://secunia.com/advisories/19307
http://secunia.com/advisories/19311
http://secunia.com/advisories/19316
http://secunia.com/advisories/19676
http://securityreason.com/securityalert/606
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1
SuSE Security Announcement: SUSE-SA:2006:016 (Google Search)
http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html
http://www.vupen.com/english/advisories/2006/1017
http://www.vupen.com/english/advisories/2006/1028
XForce ISS Database: xorg-geteuid-privilege-escalation(25341)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25341

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56449
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: xorg-server
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: xorg-server CVE-2006-0745 X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the - modulepath command line option or (2) overwrite arbitrary files via - logfile. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0745 BugTraq ID: 17169 http://www.securityfocus.com/bid/17169 Bugtraq: 20060320 Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (Google Search) http://www.securityfocus.com/archive/1/428230/100/0/threaded Bugtraq: 20060320 [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (Google Search) http://www.securityfocus.com/archive/1/428183/100/0/threaded http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00026.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:056 http://www.osvdb.org/24000 http://www.osvdb.org/24001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1697 http://securitytracker.com/id?1015793 http://secunia.com/advisories/19256 http://secunia.com/advisories/19307 http://secunia.com/advisories/19311 http://secunia.com/advisories/19316 http://secunia.com/advisories/19676 http://securityreason.com/securityalert/606 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102252-1 SuSE Security Announcement: SUSE-SA:2006:016 (Google Search) http://www.novell.com/linux/security/advisories/2006_16_xorgx11server.html http://www.vupen.com/english/advisories/2006/1017 http://www.vupen.com/english/advisories/2006/1028 XForce ISS Database: xorg-geteuid-privilege-escalation(25341) https://exchange.xforce.ibmcloud.com/vulnerabilities/25341
Copyright	Copyright (C) 2008 E-Soft Inc.