Family: Red Hat Local Security Checks --> Category: infos
RHSA-2003-289: XFree Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the XFree packages
Detailed Explanation for this Vulnerability Test
Updated XFree86 packages provide security fixes to font libraries and XDM.
XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers. XDM is the X display manager.
Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial of
service or execute arbitrary code via heap-based and stack-based buffer
overflow attacks. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0730 to this issue.
The risk to users from this vulnerability is limited because only clients
can be affected by these bugs, however in some (non-default)
configurations, both xfs and the X Server can act as clients
to remote font servers.
XDM does not verify whether the pam_setcred function call succeeds, which
may allow attackers to gain root rights by triggering error conditions
within PAM modules, as demonstrated in certain configurations of the
pam_krb5 module. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0690 to this issue.
Users are advised to upgrade to these updated XFree86 4.1.0 packages, which
contain backported security patches and are not vulnerable to these issues.
Solution : http://rhn.redhat.com/errata/RHSA-2003-289.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.