English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60692
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0029
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2008:0029.

XFree86 is an implementation of the X Window System, which provides the
core functionality for the Linux graphical desktop.

Two integer overflow flaws were found in the XFree86 server's EVI and
MIT-SHM modules. A malicious authorized client could exploit these issues
to cause a denial of service (crash), or potentially execute arbitrary code
with root privileges on the XFree86 server. (CVE-2007-6429)

A heap based buffer overflow flaw was found in the way the XFree86 server
handled malformed font files. A malicious local user could exploit this
issue to potentially execute arbitrary code with the privileges of the
XFree86 server. (CVE-2008-0006)

A memory corruption flaw was found in the XFree86 server's XInput
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the XFree86 server. (CVE-2007-6427)

An information disclosure flaw was found in the XFree86 server's TOG-CUP
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially view arbitrary memory content
within the XFree86 server's address space. (CVE-2007-6428)

An integer and heap overflow flaw were found in the X.org font server, xfs.
A user with the ability to connect to the font server could have been able
to cause a denial of service (crash), or potentially execute arbitrary code
with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990)

A flaw was found in the XFree86 server's XC-SECURITY extension, that could
have allowed a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user.
(CVE-2007-5958)

Users of XFree86 are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2008-0029.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4568
1018763
http://www.securitytracker.com/id?1018763
103114
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103114-1
200642
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200642-1
20071002 Multiple Vendor X Font Server Multiple Vulnerabilities
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602
20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/481432/100/0/threaded
25898
http://www.securityfocus.com/bid/25898
27040
http://secunia.com/advisories/27040
27052
http://secunia.com/advisories/27052
27060
http://secunia.com/advisories/27060
27168
http://secunia.com/advisories/27168
27176
http://secunia.com/advisories/27176
27228
http://secunia.com/advisories/27228
27240
http://secunia.com/advisories/27240
27560
http://secunia.com/advisories/27560
28004
http://secunia.com/advisories/28004
28536
http://secunia.com/advisories/28536
28542
http://secunia.com/advisories/28542
28891
http://secunia.com/advisories/28891
29420
http://secunia.com/advisories/29420
ADV-2007-3337
http://www.vupen.com/english/advisories/2007/3337
ADV-2007-3338
http://www.vupen.com/english/advisories/2007/3338
ADV-2007-3467
http://www.vupen.com/english/advisories/2007/3467
ADV-2008-0495
http://www.vupen.com/english/advisories/2008/0495/references
ADV-2008-0924
http://www.vupen.com/english/advisories/2008/0924/references
APPLE-SA-2008-02-11
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
APPLE-SA-2008-03-18
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
DSA-1385
http://www.debian.org/security/2007/dsa-1385
FEDORA-2007-4263
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00352.html
GLSA-200710-11
http://security.gentoo.org/glsa/glsa-200710-11.xml
MDKSA-2007:210
http://www.mandriva.com/security/advisories?name=MDKSA-2007:210
RHSA-2008:0029
http://www.redhat.com/support/errata/RHSA-2008-0029.html
RHSA-2008:0030
http://www.redhat.com/support/errata/RHSA-2008-0030.html
SUSE-SA:2007:054
http://www.novell.com/linux/security/advisories/2007_54_xorg.html
TA08-043B
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
[xorg-announce] 20071002 [ANNOUNCE] X.Org security advisory: multiple vulnerabilities in X font server
http://lists.freedesktop.org/archives/xorg-announce/2007-October/000416.html
http://bugs.freedesktop.org/show_bug.cgi?id=12298
http://bugs.gentoo.org/show_bug.cgi?id=194606
http://docs.info.apple.com/article.html?artnum=307430
http://docs.info.apple.com/article.html?artnum=307562
https://issues.rpath.com/browse/RPL-1756
oval:org.mitre.oval:def:10882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10882
xfs-protocol-requests-bo(36919)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36919
Common Vulnerability Exposure (CVE) ID: CVE-2007-4990
BugTraq ID: 25898
Bugtraq: 20071003 rPSA-2007-0205-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
HPdes Security Advisory: HPSBUX02303
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01323725
HPdes Security Advisory: SSRT071468
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11599
http://secunia.com/advisories/28514
SuSE Security Announcement: SUSE-SA:2007:054 (Google Search)
http://www.vupen.com/english/advisories/2008/0149
XForce ISS Database: xfs-queryxbitmaps-queryxextents-bo(36920)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36920
Common Vulnerability Exposure (CVE) ID: CVE-2007-5958
BugTraq ID: 27336
http://www.securityfocus.com/bid/27336
BugTraq ID: 27356
http://www.securityfocus.com/bid/27356
Bugtraq: 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs (Google Search)
http://www.securityfocus.com/archive/1/487335/100/0/threaded
Debian Security Information: DSA-1466 (Google Search)
http://www.debian.org/security/2008/dsa-1466
https://www.exploit-db.com/exploits/5152
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
http://security.gentoo.org/glsa/glsa-200801-09.xml
http://security.gentoo.org/glsa/glsa-200804-05.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
HPdes Security Advisory: HPSBUX02381
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
HPdes Security Advisory: SSRT080083
http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
http://www.mandriva.com/security/advisories?name=MDVSA-2008:023
http://www.mandriva.com/security/advisories?name=MDVSA-2008:025
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
OpenBSD Security Advisory: [4.1] 20080208 012: SECURITY FIX: February 8, 2008
http://www.openbsd.org/errata41.html#012_xorg
OpenBSD Security Advisory: [4.2] 20080208 006: SECURITY FIX: February 8, 2008
http://www.openbsd.org/errata42.html#006_xorg
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5393
http://www.redhat.com/support/errata/RHSA-2008-0031.html
http://securitytracker.com/id?1019232
http://secunia.com/advisories/28273
http://secunia.com/advisories/28532
http://secunia.com/advisories/28535
http://secunia.com/advisories/28539
http://secunia.com/advisories/28540
http://secunia.com/advisories/28543
http://secunia.com/advisories/28550
http://secunia.com/advisories/28584
http://secunia.com/advisories/28592
http://secunia.com/advisories/28616
http://secunia.com/advisories/28718
http://secunia.com/advisories/28843
http://secunia.com/advisories/28885
http://secunia.com/advisories/28997
http://secunia.com/advisories/29622
http://secunia.com/advisories/29707
http://secunia.com/advisories/30161
http://secunia.com/advisories/32545
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1
SuSE Security Announcement: SUSE-SA:2008:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
SuSE Security Announcement: SUSE-SR:2008:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
https://usn.ubuntu.com/571-1/
http://www.vupen.com/english/advisories/2008/0179
http://www.vupen.com/english/advisories/2008/0184
http://www.vupen.com/english/advisories/2008/0497/references
http://www.vupen.com/english/advisories/2008/3000
XForce ISS Database: xorg-xsp-information-disclosure(39769)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39769
Common Vulnerability Exposure (CVE) ID: CVE-2007-6427
BugTraq ID: 27351
http://www.securityfocus.com/bid/27351
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10372
http://secunia.com/advisories/28693
http://secunia.com/advisories/28838
http://secunia.com/advisories/28941
http://secunia.com/advisories/29139
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103200-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-200153-1
SuSE Security Announcement: SUSE-SR:2008:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.vupen.com/english/advisories/2008/0703
XForce ISS Database: xorg-xinput-code-execution(39759)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39759
Common Vulnerability Exposure (CVE) ID: CVE-2007-6428
BugTraq ID: 27355
http://www.securityfocus.com/bid/27355
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=644
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11754
XForce ISS Database: xorg-togcup-information-disclosure(39761)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39761
Common Vulnerability Exposure (CVE) ID: CVE-2007-6429
BugTraq ID: 27350
http://www.securityfocus.com/bid/27350
BugTraq ID: 27353
http://www.securityfocus.com/bid/27353
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11045
XForce ISS Database: xorg-evi-bo(39763)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39763
XForce ISS Database: xorg-mitshm-overflow(39764)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39764
Common Vulnerability Exposure (CVE) ID: CVE-2008-0006
BugTraq ID: 27352
http://www.securityfocus.com/bid/27352
CERT/CC vulnerability note: VU#203220
http://www.kb.cert.org/vuls/id/203220
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
http://jvn.jp/en/jp/JVN88935101/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001043.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10021
http://www.redhat.com/support/errata/RHSA-2008-0064.html
http://secunia.com/advisories/28500
http://secunia.com/advisories/28544
http://secunia.com/advisories/28571
http://secunia.com/advisories/28621
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
XForce ISS Database: xorg-pcffont-bo(39767)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39767
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.