Test ID: 1.3.6.1.4.1.25623.1.0.58724
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:210 (xfs)
Summary: NOSUMMARY
Description:

The remote host is missing an update to xfs
announced via advisory MDKSA-2007:210.

Integer overflow in the build_range function in X.Org X Font Server
(xfs) before 1.0.5 allows context-dependent attackers to execute
arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol
requests with crafted size values, which triggers a heap-based buffer
overflow. (CVE-2007-4568)

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5
allows context-dependent attackers to execute arbitrary code via (1)
QueryXBitmaps and (2) QueryXExtents protocol requests with crafted
size values that specify an arbitrary number of bytes to be swapped
on the heap, which triggers heap corruption. (CVE-2007-4990)

The updated package fixes these issues.

Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:210

Risk factor: High

CVSS Score: 7.5

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2007-4568
1018763
http://www.securitytracker.com/id?1018763
103114
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
200642
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/481432/100/0/threaded
25898
http://www.securityfocus.com/bid/25898
27040
http://secunia.com/advisories/27040
27052
http://secunia.com/advisories/27052
27060
http://secunia.com/advisories/27060
27168
http://secunia.com/advisories/27168
27176
http://secunia.com/advisories/27176
27228
http://secunia.com/advisories/27228
27240
http://secunia.com/advisories/27240
27560
http://secunia.com/advisories/27560
28004
http://secunia.com/advisories/28004
28536
http://secunia.com/advisories/28536
28542
http://secunia.com/advisories/28542
28891
http://secunia.com/advisories/28891
29420
http://secunia.com/advisories/29420
ADV-2007-3337
http://www.vupen.com/english/advisories/2007/3337
ADV-2007-3338
http://www.vupen.com/english/advisories/2007/3338
ADV-2007-3467
http://www.vupen.com/english/advisories/2007/3467
ADV-2008-0495
http://www.vupen.com/english/advisories/2008/0495/references
ADV-2008-0924
http://www.vupen.com/english/advisories/2008/0924/references
APPLE-SA-2008-02-11
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
APPLE-SA-2008-03-18
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
DSA-1385
http://www.debian.org/security/2007/dsa-1385
FEDORA-2007-4263
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
GLSA-200710-11
http://security.gentoo.org/glsa/glsa-200710-11.xml
MDKSA-2007:210
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
RHSA-2008:0029
http://www.redhat.com/support/errata/RHSA-2008-0029.html
RHSA-2008:0030
http://www.redhat.com/support/errata/RHSA-2008-0030.html
SUSE-SA:2007:054
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
TA08-043B
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
http://bugs.freedesktop.org/show_bug.cgi?id=12298
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://docs.info.apple.com/article.html?artnum=307430
http://docs.info.apple.com/article.html?artnum=307562
https://issues.rpath.com/browse/RPL-1756
oval:org.mitre.oval:def:10882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10882
xfs-protocol-requests-bo(36919)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36919
Common Vulnerability Exposure (CVE) ID: CVE-2007-4990
BugTraq ID: 25898
Bugtraq: 20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
HPdes Security Advisory: HPSBUX02303
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
HPdes Security Advisory: SSRT071468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
http://secunia.com/advisories/28514
SuSE Security Announcement: SUSE-SA:2007:054
http://www.vupen.com/english/advisories/2008/0149
XForce ISS Database: xfs-queryxbitmaps-queryxextents-bo(36920)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
