
Test ID: 1.3.6.1.4.1.25623.1.0.60225
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-571-2 (xorg-server)
Summary: Ubuntu USN-571-2 (xorg-server)
Description:
The remote host is missing an update to xorg-server
announced via advisory USN-571-2.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were
incomplete, and under certain situations, applications using the MIT-SHM
extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc,
TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate
function arguments. An authenticated attacker could send specially
crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427,
CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when
attempting to open security policy files. Local attackers could exploit
this to probe for files in directories they would not normally be able
to access. (CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly
validate the size of fonts. An authenticated attacker could load a
specially crafted font and gain additional privileges. (CVE-2008-0006)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
xserver-xorg-core 1:1.0.2-0ubuntu10.10

Ubuntu 6.10:
xserver-xorg-core 1:1.1.1-0ubuntu12.5

Ubuntu 7.04:
xserver-xorg-core 2:1.2.0-3ubuntu8.3

Ubuntu 7.10:
xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.3

After a standard system upgrade you need to restart your session to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-571-2

Risk factor: Critical

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-5760
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=646
Bugtraq: 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/archive/1/487335/100/0/threaded
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
Debian Security Information: DSA-1466
http://www.debian.org/security/2008/dsa-1466
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://security.gentoo.org/glsa/glsa-200804-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025
OpenBSD Security Advisory: [4.1] 20080208 012: SECURITY FIX: February 8, 2008
http://www.openbsd.org/errata41.html#012_xorg
OpenBSD Security Advisory: [4.2] 20080208 006: SECURITY FIX: February 8, 2008
http://www.openbsd.org/errata42.html#006_xorg
http://www.redhat.com/support/errata/RHSA-2008-0030.html
http://www.redhat.com/support/errata/RHSA-2008-0031.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1
SuSE Security Announcement: SUSE-SA:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
http://www.ubuntulinux.org/support/documentation/usn/usn-571-1
BugTraq ID: 27336
http://www.securityfocus.com/bid/27336
BugTraq ID: 27354
http://www.securityfocus.com/bid/27354
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11718
http://www.vupen.com/english/advisories/2008/0179
http://www.vupen.com/english/advisories/2008/0184
http://www.vupen.com/english/advisories/2008/0497/references
http://securitytracker.com/id?1019232
http://secunia.com/advisories/28532
http://secunia.com/advisories/28535
http://secunia.com/advisories/28536
http://secunia.com/advisories/28539
http://secunia.com/advisories/28540
http://secunia.com/advisories/28543
http://secunia.com/advisories/28550
http://secunia.com/advisories/28273
http://secunia.com/advisories/28592
http://secunia.com/advisories/28616
http://secunia.com/advisories/28584
http://secunia.com/advisories/28693
http://secunia.com/advisories/28718
http://secunia.com/advisories/28843
http://secunia.com/advisories/28885
http://secunia.com/advisories/28941
http://secunia.com/advisories/29707
http://secunia.com/advisories/30161
XForce ISS Database: xorg-xfree86misc-code-execution(39766)
http://xforce.iss.net/xforce/xfdb/39766
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-6427
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
HP Security Advisory: HPSBUX02381
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
HP Security Advisory: SSRT080083
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.redhat.com/support/errata/RHSA-2008-0029.html
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
SuSE Security Announcement: SUSE-SR:2008:008
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
BugTraq ID: 27351
http://www.securityfocus.com/bid/27351
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10372
http://secunia.com/advisories/32545
http://www.vupen.com/english/advisories/2008/0703
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/28542
http://secunia.com/advisories/28838
http://secunia.com/advisories/29139
http://secunia.com/advisories/29420
http://secunia.com/advisories/29622
http://www.vupen.com/english/advisories/2008/3000
XForce ISS Database: xorg-xinput-code-execution(39759)
http://xforce.iss.net/xforce/xfdb/39759
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-6428
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644
BugTraq ID: 27355
http://www.securityfocus.com/bid/27355
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11754
XForce ISS Database: xorg-togcup-information-disclosure(39761)
http://xforce.iss.net/xforce/xfdb/39761
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-6429
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645
BugTraq ID: 27350
http://www.securityfocus.com/bid/27350
BugTraq ID: 27353
http://www.securityfocus.com/bid/27353
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11045
XForce ISS Database: xorg-evi-bo(39763)
http://xforce.iss.net/xforce/xfdb/39763
XForce ISS Database: xorg-mitshm-overflow(39764)
http://xforce.iss.net/xforce/xfdb/39764
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-5958
http://www.milw0rm.com/exploits/5152
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1
BugTraq ID: 27356
http://www.securityfocus.com/bid/27356
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10991
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5393
http://secunia.com/advisories/28997
XForce ISS Database: xorg-xsp-information-disclosure(39769)
http://xforce.iss.net/xforce/xfdb/39769
Common Vulnerabilities and Exposures (CVE) ID: CVE-2008-0006
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
CERT/CC vulnerability note: VU#203220
http://www.kb.cert.org/vuls/id/203220
http://jvn.jp/en/jp/JVN88935101/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
BugTraq ID: 27352
http://www.securityfocus.com/bid/27352
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10021
http://secunia.com/advisories/28544
http://secunia.com/advisories/28500
http://secunia.com/advisories/28571
http://secunia.com/advisories/28621
XForce ISS Database: xorg-pcffont-bo(39767)
http://xforce.iss.net/xforce/xfdb/39767
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
