English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58696
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-1193-1)
Summary:The remote host is missing an update for the Debian 'xfree86' package(s) announced via the DSA-1193-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'xfree86' package(s) announced via the DSA-1193-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3467

Chris Evan discovered an integer overflow in the code to handle PCF fonts, which might lead to denial of service if a malformed font is opened.

CVE-2006-3739

It was discovered that an integer overflow in the code to handle Adobe Font Metrics might lead to the execution of arbitrary code.

CVE-2006-3740

It was discovered that an integer overflow in the code to handle CMap and CIDFont font data might lead to the execution of arbitrary code.

CVE-2006-4447

The XFree86 initialization code performs insufficient checking of the return value of setuid() when dropping privileges, which might lead to local privilege escalation.

For the stable distribution (sarge) these problems have been fixed in version 4.3.0.dfsg.1-14sarge2. This release lacks builds for the Motorola 680x0 architecture, which failed due to diskspace constraints on the build host. They will be released once this problem has been resolved.

For the unstable distribution (sid) these problems have been fixed in version 1:1.2.2-1 of libxfont and version 1:1.0.2-9 of xorg-server.

We recommend that you upgrade your XFree86 packages.

Affected Software/OS:
'xfree86' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3467
1016522
http://securitytracker.com/id?1016522
102705
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1
2006-0052
http://www.trustix.org/errata/2006/0052/
20060701-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
20060825 rPSA-2006-0157-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/444318/100/0/threaded
20061113 VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1
http://www.securityfocus.com/archive/1/451419/100/200/threaded
20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
http://www.securityfocus.com/archive/1/451404/100/0/threaded
20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451417/100/200/threaded
20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
http://www.securityfocus.com/archive/1/451426/100/200/threaded
21062
http://secunia.com/advisories/21062
21135
http://secunia.com/advisories/21135
21144
http://secunia.com/advisories/21144
21232
http://secunia.com/advisories/21232
21285
http://secunia.com/advisories/21285
21566
http://secunia.com/advisories/21566
21567
http://secunia.com/advisories/21567
21606
http://secunia.com/advisories/21606
21626
http://secunia.com/advisories/21626
21701
http://secunia.com/advisories/21701
21793
http://secunia.com/advisories/21793
21798
http://secunia.com/advisories/21798
21836
http://secunia.com/advisories/21836
22027
http://secunia.com/advisories/22027
22332
http://secunia.com/advisories/22332
22875
http://secunia.com/advisories/22875
22907
http://secunia.com/advisories/22907
23400
http://secunia.com/advisories/23400
23939
http://secunia.com/advisories/23939
27271
http://secunia.com/advisories/27271
33937
http://secunia.com/advisories/33937
ADV-2006-4502
http://www.vupen.com/english/advisories/2006/4502
ADV-2006-4522
http://www.vupen.com/english/advisories/2006/4522
ADV-2007-0381
http://www.vupen.com/english/advisories/2007/0381
APPLE-SA-2009-02-12
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
DSA-1178
http://www.debian.org/security/2006/dsa-1178
DSA-1193
http://www.debian.org/security/2006/dsa-1193
GLSA-200609-04
http://security.gentoo.org/glsa/glsa-200609-04.xml
MDKSA-2006:129
http://www.mandriva.com/security/advisories?name=MDKSA-2006:129
MDKSA-2006:148
http://www.mandriva.com/security/advisories?name=MDKSA-2006:148
RHSA-2006:0500
http://www.redhat.com/support/errata/RHSA-2006-0500.html
RHSA-2006:0634
http://www.redhat.com/support/errata/RHSA-2006-0634.html
RHSA-2006:0635
http://www.redhat.com/support/errata/RHSA-2006-0635.html
SUSE-SA:2006:045
http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html
SUSE-SR:2007:021
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
USN-324-1
http://www.ubuntu.com/usn/usn-324-1
USN-341-1
http://www.ubuntu.com/usn/usn-341-1
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
http://support.apple.com/kb/HT3438
http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-186.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-284.htm
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
oval:org.mitre.oval:def:10673
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10673
Common Vulnerability Exposure (CVE) ID: CVE-2006-3739
1016828
http://securitytracker.com/id?1016828
102714
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102714-1
102780
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1
19974
http://www.securityfocus.com/bid/19974
20060912 Multiple Vendor X Server CID-keyed Fonts 'CIDAFM()' Integer Overflow Vulnerability
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=412
20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/445812/100/0/threaded
20070330 VMSA-2007-0002 VMware ESX security updates
http://www.securityfocus.com/archive/1/464268/100/0/threaded
21864
http://secunia.com/advisories/21864
21889
http://secunia.com/advisories/21889
21890
http://secunia.com/advisories/21890
21894
http://secunia.com/advisories/21894
21900
http://secunia.com/advisories/21900
21904
http://secunia.com/advisories/21904
21908
http://secunia.com/advisories/21908
21924
http://secunia.com/advisories/21924
22080
http://secunia.com/advisories/22080
22141
http://secunia.com/advisories/22141
22560
http://secunia.com/advisories/22560
23033
http://secunia.com/advisories/23033
23899
http://secunia.com/advisories/23899
24636
http://secunia.com/advisories/24636
ADV-2006-3581
http://www.vupen.com/english/advisories/2006/3581
ADV-2006-3582
http://www.vupen.com/english/advisories/2006/3582
ADV-2007-0322
http://www.vupen.com/english/advisories/2007/0322
ADV-2007-1171
http://www.vupen.com/english/advisories/2007/1171
GLSA-200609-07
http://security.gentoo.org/glsa/glsa-200609-07.xml
MDKSA-2006:164
http://www.mandriva.com/security/advisories?name=MDKSA-2006:164
RHSA-2006:0665
http://www.redhat.com/support/errata/RHSA-2006-0665.html
RHSA-2006:0666
http://www.redhat.com/support/errata/RHSA-2006-0666.html
SUSE-SR:2006:023
http://www.novell.com/linux/security/advisories/2006_23_sr.html
USN-344-1
http://www.ubuntu.com/usn/usn-344-1
http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm
http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html
https://issues.rpath.com/browse/RPL-614
oval:org.mitre.oval:def:10305
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10305
xorg-server-cidafm-overflow(28899)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28899
Common Vulnerability Exposure (CVE) ID: CVE-2006-3740
20060912 Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
23907
http://secunia.com/advisories/23907
oval:org.mitre.oval:def:9454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454
xorg-server-scancidfont-overflow(28890)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28890
Common Vulnerability Exposure (CVE) ID: CVE-2006-4447
BugTraq ID: 19742
http://www.securityfocus.com/bid/19742
BugTraq ID: 23697
http://www.securityfocus.com/bid/23697
CERT/CC vulnerability note: VU#300368
http://www.kb.cert.org/vuls/id/300368
Debian Security Information: DSA-1193 (Google Search)
http://security.gentoo.org/glsa/glsa-200608-25.xml
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
http://secunia.com/advisories/21650
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://www.vupen.com/english/advisories/2006/3409
http://www.vupen.com/english/advisories/2007/0409
CopyrightCopyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.