Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.57875 |
Category: | Gentoo Local Security Checks |
Title: | Gentoo Security Advisory GLSA 200608-25 (xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11) |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing updates announced in advisory GLSA 200608-25. X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable to local privilege escalations because of unchecked setuid() calls. Solution: All X.Org xdm users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-apps/xdm-1.0.4-r1' All X.Org xinit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.0.2-r6' All X.Org xload users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-apps/xload-1.0.1-r1' All X.Org xf86dga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-apps/xf86dga-1.0.1-r1' All X.Org users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-base/xorg-x11-6.9.0-r2' All X.Org X servers users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.1.0-r1' All X.Org X11 library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/libx11-1.0.1-r1' All X.Org xtrans library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-libs/xtrans-1.0.1-r1' All xterm users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=x11-terms/xterm-215' All users of the X11R6 libraries for emulation of 32bit x86 on amd64 should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-emulation/emul-linux-x86-xlibs-7.0-r2' Please note that the fixed packages have been available for most architectures since June 30th but the GLSA release was held up waiting for the remaining architectures. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-25 http://bugs.gentoo.org/show_bug.cgi?id=135974 http://lists.freedesktop.org/archives/xorg/2006-June/016146.html CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2006-4447 BugTraq ID: 19742 http://www.securityfocus.com/bid/19742 BugTraq ID: 23697 http://www.securityfocus.com/bid/23697 CERT/CC vulnerability note: VU#300368 http://www.kb.cert.org/vuls/id/300368 Debian Security Information: DSA-1193 (Google Search) http://www.debian.org/security/2006/dsa-1193 http://security.gentoo.org/glsa/glsa-200608-25.xml http://security.gentoo.org/glsa/glsa-200704-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:160 http://mail.gnome.org/archives/beast/2006-December/msg00025.html http://lists.freedesktop.org/archives/xorg/2006-June/016146.html http://secunia.com/advisories/21650 http://secunia.com/advisories/21660 http://secunia.com/advisories/21693 http://secunia.com/advisories/22332 http://secunia.com/advisories/25032 http://secunia.com/advisories/25059 http://www.vupen.com/english/advisories/2006/3409 http://www.vupen.com/english/advisories/2007/0409 |
Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |