Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57875
Category:Gentoo Local Security Checks
Title:Gentoo Security Advisory GLSA 200608-25 (xorg-x11,xorg-server,xtrans,xload,xinit,xterm,xf86dga,xdm,libX11)
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory GLSA 200608-25.

X.org, libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm are vulnerable
to local privilege escalations because of unchecked setuid() calls.

Solution:
All X.Org xdm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xdm-1.0.4-r1'

All X.Org xinit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xinit-1.0.2-r6'

All X.Org xload users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xload-1.0.1-r1'

All X.Org xf86dga users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xf86dga-1.0.1-r1'

All X.Org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-x11-6.9.0-r2'

All X.Org X servers users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.1.0-r1'

All X.Org X11 library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/libx11-1.0.1-r1'

All X.Org xtrans library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-libs/xtrans-1.0.1-r1'

All xterm users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-terms/xterm-215'

All users of the X11R6 libraries for emulation of 32bit x86 on amd64
should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose
'>=app-emulation/emul-linux-x86-xlibs-7.0-r2'

Please note that the fixed packages have been available for most
architectures since June 30th but the GLSA release was held up waiting for
the remaining architectures.

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200608-25
http://bugs.gentoo.org/show_bug.cgi?id=135974
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4447
BugTraq ID: 19742
http://www.securityfocus.com/bid/19742
BugTraq ID: 23697
http://www.securityfocus.com/bid/23697
CERT/CC vulnerability note: VU#300368
http://www.kb.cert.org/vuls/id/300368
Debian Security Information: DSA-1193 (Google Search)
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200608-25.xml
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
http://secunia.com/advisories/21650
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://secunia.com/advisories/22332
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://www.vupen.com/english/advisories/2006/3409
http://www.vupen.com/english/advisories/2007/0409
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.