
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2003:289

The remote host is missing updates announced in
advisory RHSA-2003:289.

XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers. XDM is the X display manager.

Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial of
service or execute arbitrary code via heap-based and stack-based buffer
overflow attacks. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2003-0730 to this issue.

The risk to users from this vulnerability is limited because only clients
can be affected by these bugs; however, in some (non-default)
configurations, both xfs and the X Server can act as clients
to remote font servers.
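The following is an added example, not code from XFree86 or from the advisory. It shows how a client can validate an untrusted entry count and per-entry lengths before allocating and copying, which is the check whose absence produces this class of integer overflow. The reply layout (a 4-byte count followed by length-prefixed names) and the function name `parse_font_names` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reply layout (constructed for this example, not the real
 * font protocol): 4-byte big-endian count, then `count` entries, each a
 * 1-byte length followed by that many name bytes. */

/* Returns a malloc'd array of NUL-terminated names and stores the entry
 * count in *out_n, or returns NULL if the reply is malformed. */
char **parse_font_names(const uint8_t *buf, size_t len, size_t *out_n)
{
    if (len < 4)
        return NULL;
    uint32_t count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                     ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    size_t off = 4;

    /* Every entry occupies at least one byte, so a count larger than the
     * remaining data cannot be honest. */
    if (count > len - off)
        return NULL;
    /* Guard the multiplication itself so the allocation size cannot wrap. */
    if (count > SIZE_MAX / sizeof(char *))
        return NULL;

    char **names = calloc(count ? count : 1, sizeof(char *));
    if (!names)
        return NULL;

    for (uint32_t i = 0; i < count; i++) {
        if (off >= len)
            goto fail;
        size_t n = buf[off++];
        if (n > len - off)              /* name would run past the buffer */
            goto fail;
        names[i] = malloc(n + 1);
        if (!names[i])
            goto fail;
        memcpy(names[i], buf + off, n);
        names[i][n] = '\0';
        off += n;
    }
    *out_n = count;
    return names;
fail:
    for (uint32_t i = 0; i < count; i++)
        free(names[i]);                 /* unset slots are NULL from calloc */
    free(names);
    return NULL;
}
```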

XDM does not verify whether the pam_setcred function call succeeds, which
may allow attackers to gain root privileges by triggering error conditions
within PAM modules, as demonstrated in certain configurations of the
pam_krb5 module. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2003-0690 to this issue.

Users are advised to upgrade to these updated XFree86 4.1.0 packages, which
contain backported security patches and are not vulnerable to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2003-0690
Bugtraq: 20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities
Conectiva Linux advisory: CLA-2003:747
Debian Security Information: DSA-388
Debian Security Information: DSA-443

Common Vulnerability Exposure (CVE) ID: CVE-2003-0730
BugTraq ID: 8514
Bugtraq: 20030830 Multiple integer overflows in XFree86 (local/remote)
Conectiva Linux advisory: CLA-2004:821
Debian Security Information: DSA-380
NETBSD Security Advisory: NetBSD-SA2003-015
SGI Security Advisory: 20031101-01-U

Copyright: Copyright (c) 2005 E-Soft Inc.
