Test ID:	1.3.6.1.4.1.25623.1.0.51336
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2004:821
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2004:821. XFree86[1] is a freely redistributable open-source implementation of the X Window System, which is a client/server interface between display hardware and the desktop environment. Xlib is one of the main libraries of XFree86 (libX11.so.6). The following issues are being addressed in this update: - Improper handling of font files (CVE-2004-0083[2], CVE-2004-0084[4] and CVE-2004-0106[6]) Greg MacManus from iDEFENSE Labs discovered[3][5] two vulnerabilities in the way the X server deals with font files. David Dawes from the XFree86 team did some further audit and found more similar problems[6]. All these vulnerabilities allow attackers who can authenticate against the X server, or locally start it, to execute arbitrary code as root. - Multiple integer overflows in font libraries (CVE-2003-0730)[7] blexim@hush.com of isen reported[8] multiple integer overflows in the XFree86 font libraries that allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0083 BugTraq ID: 9636 http://www.securityfocus.com/bid/9636 Bugtraq: 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow (Google Search) http://marc.info/?l=bugtraq&m=107644835523678&w=2 Bugtraq: 20040211 XFree86 vulnerability exploit (Google Search) http://marc.info/?l=bugtraq&m=107653324115914&w=2 CERT/CC vulnerability note: VU#820006 http://www.kb.cert.org/vuls/id/820006 Conectiva Linux advisory: CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 Debian Security Information: DSA-443 (Google Search) http://www.debian.org/security/2004/dsa-443 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 http://www.idefense.com/application/poi/display?id=72 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612 http://www.redhat.com/support/errata/RHSA-2004-059.html http://www.redhat.com/support/errata/RHSA-2004-060.html http://www.redhat.com/support/errata/RHSA-2004-061.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 SuSE Security Announcement: SuSE-SA:2004:006 (Google Search) http://www.novell.com/linux/security/advisories/2004_06_xf86.html XForce ISS Database: xfree86-fontalias-bo(15130) https://exchange.xforce.ibmcloud.com/vulnerabilities/15130 Common Vulnerability Exposure (CVE) ID: CVE-2004-0084 BugTraq ID: 9652 http://www.securityfocus.com/bid/9652 Bugtraq: 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II (Google Search) http://marc.info/?l=bugtraq&m=107662833512775&w=2 CERT/CC vulnerability note: VU#667502 http://www.kb.cert.org/vuls/id/667502 http://www.idefense.com/application/poi/display?id=73 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831 XForce ISS Database: xfree86-copyisolatin1lLowered-bo(15200) https://exchange.xforce.ibmcloud.com/vulnerabilities/15200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832 XForce ISS Database: xfree86-multiple-font-improper-handling(15206) https://exchange.xforce.ibmcloud.com/vulnerabilities/15206 Common Vulnerability Exposure (CVE) ID: CVE-2003-0730 BugTraq ID: 8514 http://www.securityfocus.com/bid/8514 Bugtraq: 20030830 Multiple integer overflows in XFree86 (local/remote) (Google Search) http://marc.info/?l=bugtraq&m=106229335312429&w=2 Debian Security Information: DSA-380 (Google Search) http://www.debian.org/security/2003/dsa-380 http://www.mandriva.com/security/advisories?name=MDKSA-2003:089 NETBSD Security Advisory: NetBSD-SA2003-015 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc http://www.redhat.com/support/errata/RHSA-2003-286.html http://www.redhat.com/support/errata/RHSA-2003-287.html http://www.redhat.com/support/errata/RHSA-2003-288.html http://www.redhat.com/support/errata/RHSA-2003-289.html http://secunia.com/advisories/24168 http://secunia.com/advisories/24247 SGI Security Advisory: 20031101-01-U ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1 http://www.vupen.com/english/advisories/2007/0589
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.