Test ID:	1.3.6.1.4.1.25623.1.1.12.2004.27.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-27-1)
Summary:	The remote host is missing an update for the 'xfree86' package(s) announced via the USN-27-1 advisory.
Description:	Summary: The remote host is missing an update for the 'xfree86' package(s) announced via the USN-27-1 advisory. Vulnerability Insight: Chris Evans discovered several stack overflows in the versions of libXpm shipped by X.Org, XFree86, and LessTif. These overflows were fixed in the Warty development tree before its release. Mathieu Herrb of OpenBSD subsequently discovered that the original patch was insufficient to address these overflows, and thus the version of libxpm4 shipped with Warty is still vulnerable to the original overflows. These overflows do not allow privilege escalation through the X server, the overflows are in a client-side library, allowing arbitrary code execution with the privileges of the user viewing a malicious pixmap. Affected Software/OS: 'xfree86' package(s) on Ubuntu 4.10. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0687 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html BugTraq ID: 11196 http://www.securityfocus.com/bid/11196 Bugtraq: 20040915 CESA-2004-004: libXpm (Google Search) http://marc.info/?l=bugtraq&m=109530851323415&w=2 Cert/CC Advisory: TA05-136A http://www.us-cert.gov/cas/techalerts/TA05-136A.html CERT/CC vulnerability note: VU#882750 http://www.kb.cert.org/vuls/id/882750 Conectiva Linux advisory: CLA-2005:924 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 Debian Security Information: DSA-560 (Google Search) http://www.debian.org/security/2004/dsa-560 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml HPdes Security Advisory: HPSBUX02119 http://www.securityfocus.com/archive/1/434715/100/0/threaded HPdes Security Advisory: SSRT4848 http://www.mandriva.com/security/advisories?name=MDKSA-2004:098 http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html http://scary.beasts.org/security/CESA-2004-003.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9187 http://www.redhat.com/support/errata/RHSA-2004-537.html http://www.redhat.com/support/errata/RHSA-2005-004.html http://secunia.com/advisories/20235 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1 SuSE Security Announcement: SUSE-SA:2004:034 (Google Search) http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.html https://usn.ubuntu.com/27-1/ http://www.vupen.com/english/advisories/2006/1914 XForce ISS Database: libxpm-multiple-stack-bo(17414) https://exchange.xforce.ibmcloud.com/vulnerabilities/17414 Common Vulnerability Exposure (CVE) ID: CVE-2004-0688 CERT/CC vulnerability note: VU#537878 http://www.kb.cert.org/vuls/id/537878 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11796 XForce ISS Database: libxpm-xpmfile-integer-overflow(17416) https://exchange.xforce.ibmcloud.com/vulnerabilities/17416
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.