English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.60692
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2008:0029
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0029.

XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.

Two integer overflow flaws were found in the XFree86 server's EVI and
MIT-SHM modules. A malicious authorized client could exploit these issues
to cause a denial of service (crash), or potentially execute arbitrary code
with root privileges on the XFree86 server. (CVE-2007-6429)

A heap based buffer overflow flaw was found in the way the XFree86 server
handled malformed font files. A malicious local user could exploit this
issue to potentially execute arbitrary code with the privileges of the
XFree86 server. (CVE-2008-0006)

A memory corruption flaw was found in the XFree86 server's XInput
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the XFree86 server. (CVE-2007-6427)

An information disclosure flaw was found in the XFree86 server's TOG-CUP
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially view arbitrary memory content
within the XFree86 server's address space. (CVE-2007-6428)

An integer and heap overflow flaw were found in the X.org font server, xfs.
A user with the ability to connect to the font server could have been able
to cause a denial of service (crash), or potentially execute arbitrary code
with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990)

A flaw was found in the XFree86 server's XC-SECURITY extension, that could
have allowed a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user.
(CVE-2007-5958)

Users of XFree86 are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0029.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-4568
1018763
http://www.securitytracker.com/id?1018763
103114
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
200642
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/481432/100/0/threaded
25898
http://www.securityfocus.com/bid/25898
27040
http://secunia.com/advisories/27040
27052
http://secunia.com/advisories/27052
27060
http://secunia.com/advisories/27060
27168
http://secunia.com/advisories/27168
27176
http://secunia.com/advisories/27176
27228
http://secunia.com/advisories/27228
27240
http://secunia.com/advisories/27240
27560
http://secunia.com/advisories/27560
28004
http://secunia.com/advisories/28004
28536
http://secunia.com/advisories/28536
28542
http://secunia.com/advisories/28542
28891
http://secunia.com/advisories/28891
29420
http://secunia.com/advisories/29420
ADV-2007-3337
http://www.vupen.com/english/advisories/2007/3337
ADV-2007-3338
http://www.vupen.com/english/advisories/2007/3338
ADV-2007-3467
http://www.vupen.com/english/advisories/2007/3467
ADV-2008-0495
http://www.vupen.com/english/advisories/2008/0495/references
ADV-2008-0924
http://www.vupen.com/english/advisories/2008/0924/references
APPLE-SA-2008-02-11
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
APPLE-SA-2008-03-18
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
DSA-1385
http://www.debian.org/security/2007/dsa-1385
FEDORA-2007-4263
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
GLSA-200710-11
http://security.gentoo.org/glsa/glsa-200710-11.xml
MDKSA-2007:210
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
RHSA-2008:0029
http://www.redhat.com/support/errata/RHSA-2008-0029.html
RHSA-2008:0030
http://www.redhat.com/support/errata/RHSA-2008-0030.html
SUSE-SA:2007:054
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
TA08-043B
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
http://bugs.freedesktop.org/show_bug.cgi?id=12298
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://docs.info.apple.com/article.html?artnum=307430
http://docs.info.apple.com/article.html?artnum=307562
https://issues.rpath.com/browse/RPL-1756
oval:org.mitre.oval:def:10882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10882
xfs-protocol-requests-bo(36919)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36919
Common Vulnerability Exposure (CVE) ID: CVE-2007-4990
BugTraq ID: 25898
Bugtraq: 20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
HPdes Security Advisory: HPSBUX02303
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
HPdes Security Advisory: SSRT071468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
http://secunia.com/advisories/28514
SuSE Security Announcement: SUSE-SA:2007:054 (Google Search)
http://www.vupen.com/english/advisories/2008/0149
XForce ISS Database: xfs-queryxbitmaps-queryxextents-bo(36920)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
Common Vulnerability Exposure (CVE) ID: CVE-2007-5958
BugTraq ID: 27336
http://www.securityfocus.com/bid/27336
BugTraq ID: 27356
http://www.securityfocus.com/bid/27356
Bugtraq: 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/487335/100/0/threaded
Debian Security Information: DSA-1466 (Google Search)
http://www.debian.org/security/2008/dsa-1466
https://www.exploit-db.com/exploits/5152
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://security.gentoo.org/glsa/glsa-200804-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
HPdes Security Advisory: HPSBUX02381
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
HPdes Security Advisory: SSRT080083
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
OpenBSD Security Advisory: [4.1] 20080208 012: SECURITY FIX: February 8, 2008
http://www.openbsd.org/errata41.html#012_xorg
OpenBSD Security Advisory: [4.2] 20080208 006: SECURITY FIX: February 8, 2008
http://www.openbsd.org/errata42.html#006_xorg
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5393
http://www.redhat.com/support/errata/RHSA-2008-0031.html
http://securitytracker.com/id?1019232
http://secunia.com/advisories/28273
http://secunia.com/advisories/28532
http://secunia.com/advisories/28535
http://secunia.com/advisories/28539
http://secunia.com/advisories/28540
http://secunia.com/advisories/28543
http://secunia.com/advisories/28550
http://secunia.com/advisories/28584
http://secunia.com/advisories/28592
http://secunia.com/advisories/28616
http://secunia.com/advisories/28718
http://secunia.com/advisories/28843
http://secunia.com/advisories/28885
http://secunia.com/advisories/28997
http://secunia.com/advisories/29622
http://secunia.com/advisories/29707
http://secunia.com/advisories/30161
http://secunia.com/advisories/32545
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1
SuSE Security Announcement: SUSE-SA:2008:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
SuSE Security Announcement: SUSE-SR:2008:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
https://usn.ubuntu.com/571-1/
http://www.vupen.com/english/advisories/2008/0179
http://www.vupen.com/english/advisories/2008/0184
http://www.vupen.com/english/advisories/2008/0497/references
http://www.vupen.com/english/advisories/2008/3000
XForce ISS Database: xorg-xsp-information-disclosure(39769)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39769
Common Vulnerability Exposure (CVE) ID: CVE-2007-6427
BugTraq ID: 27351
http://www.securityfocus.com/bid/27351
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372
http://secunia.com/advisories/28693
http://secunia.com/advisories/28838
http://secunia.com/advisories/28941
http://secunia.com/advisories/29139
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1
SuSE Security Announcement: SUSE-SR:2008:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.vupen.com/english/advisories/2008/0703
XForce ISS Database: xorg-xinput-code-execution(39759)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39759
Common Vulnerability Exposure (CVE) ID: CVE-2007-6428
BugTraq ID: 27355
http://www.securityfocus.com/bid/27355
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11754
XForce ISS Database: xorg-togcup-information-disclosure(39761)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39761
Common Vulnerability Exposure (CVE) ID: CVE-2007-6429
BugTraq ID: 27350
http://www.securityfocus.com/bid/27350
BugTraq ID: 27353
http://www.securityfocus.com/bid/27353
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045
XForce ISS Database: xorg-evi-bo(39763)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39763
XForce ISS Database: xorg-mitshm-overflow(39764)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39764
Common Vulnerability Exposure (CVE) ID: CVE-2008-0006
BugTraq ID: 27352
http://www.securityfocus.com/bid/27352
CERT/CC vulnerability note: VU#203220
http://www.kb.cert.org/vuls/id/203220
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
http://jvn.jp/en/jp/JVN88935101/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://secunia.com/advisories/28500
http://secunia.com/advisories/28544
http://secunia.com/advisories/28571
http://secunia.com/advisories/28621
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
XForce ISS Database: xorg-pcffont-bo(39767)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.