Test ID: 1.3.6.1.4.1.25623.1.0.61494
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-616-1 (xorg-server)
Summary: Ubuntu USN-616-1 (xorg-server)
Description:
The remote host is missing an update to xorg-server
announced via advisory USN-616-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Multiple flaws were found in the RENDER, RECORD, and Security
extensions of X.org which did not correctly validate function arguments.
An authenticated attacker could send specially crafted requests and gain
root privileges or crash X. (CVE-2008-1377, CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362)

It was discovered that the MIT-SHM extension of X.org did not correctly
validate the location of memory during an image copy. An authenticated
attacker could exploit this to read arbitrary memory locations within X,
exposing sensitive information. (CVE-2008-1379)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
xserver-xorg-core 1:1.0.2-0ubuntu10.13

Ubuntu 7.04:
xserver-xorg-core 2:1.2.0-3ubuntu8.4

Ubuntu 7.10:
xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.4

Ubuntu 8.04 LTS:
xserver-xorg-core 2:1.4.1~git20080131-1ubuntu9.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-616-1

Risk factor: Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-1377
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=721
Bugtraq: 20080620 rPSA-2008-0200-1 xorg-server
http://www.securityfocus.com/archive/1/archive/1/493548/100/0/threaded
Bugtraq: 20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
http://www.securityfocus.com/archive/1/archive/1/493550/100/0/threaded
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Debian Security Information: DSA-1595
http://www.debian.org/security/2008/dsa-1595
http://security.gentoo.org/glsa/glsa-200806-07.xml
http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml
HP Security Advisory: HPSBUX02381
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321
HP Security Advisory: SSRT080083
http://www.mandriva.com/security/advisories?name=MDVSA-2008:116
http://www.mandriva.com/security/advisories?name=MDVSA-2008:115
RedHat Security Advisories: RHSA-2008:0502
http://rhn.redhat.com/errata/RHSA-2008-0502.html
RedHat Security Advisories: RHSA-2008:0504
http://rhn.redhat.com/errata/RHSA-2008-0504.html
RedHat Security Advisories: RHSA-2008:0512
http://rhn.redhat.com/errata/RHSA-2008-0512.html
http://www.redhat.com/support/errata/RHSA-2008-0503.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1
SuSE Security Announcement: SUSE-SA:2008:027
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html
SuSE Security Announcement: SUSE-SR:2008:019
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html
http://www.ubuntu.com/usn/usn-616-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10109
http://secunia.com/advisories/32545
http://www.vupen.com/english/advisories/2008/1803
http://www.vupen.com/english/advisories/2008/1833
http://www.vupen.com/english/advisories/2008/1983/references
http://securitytracker.com/id?1020247
http://secunia.com/advisories/30627
http://secunia.com/advisories/30628
http://secunia.com/advisories/30629
http://secunia.com/advisories/30630
http://secunia.com/advisories/30637
http://secunia.com/advisories/30659
http://secunia.com/advisories/30664
http://secunia.com/advisories/30666
http://secunia.com/advisories/30671
http://secunia.com/advisories/30715
http://secunia.com/advisories/30772
http://secunia.com/advisories/30809
http://secunia.com/advisories/30843
http://secunia.com/advisories/31109
http://secunia.com/advisories/32099
http://secunia.com/advisories/31025
http://secunia.com/advisories/33937
http://www.vupen.com/english/advisories/2008/3000
Common Vulnerability Exposure (CVE) ID: CVE-2008-1379
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=722
http://www.mandriva.com/security/advisories?name=MDVSA-2008:179
BugTraq ID: 29669
http://www.securityfocus.com/bid/29669
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8966
http://securitytracker.com/id?1020246
XForce ISS Database: xorg-fbshmputimage-information-disclosure(43016)
http://xforce.iss.net/xforce/xfdb/43016
Common Vulnerability Exposure (CVE) ID: CVE-2008-2360
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9329
http://securitytracker.com/id?1020243
Common Vulnerability Exposure (CVE) ID: CVE-2008-2361
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=719
BugTraq ID: 29665
http://www.securityfocus.com/bid/29665
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8978
http://securitytracker.com/id?1020244
Common Vulnerability Exposure (CVE) ID: CVE-2008-2362
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=720
BugTraq ID: 29670
http://www.securityfocus.com/bid/29670
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11246
http://securitytracker.com/id?1020245
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com