Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2004:041: xshared, XFree86-libs, xorg-x11-libs Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xshared, XFree86-libs, xorg-x11-libs package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2004:041 (xshared, XFree86-libs, xorg-x11-libs).
The XPM library which is part of the XFree86/XOrg project is used by
several GUI applications to process XPM image files.
A source code review done by Thomas Biege of the SuSE Security-Team
revealed several different kinds of bugs.
The bug types are:
- integer overflows
- out-of-bounds memory access
- shell command execution
- path traversal
- endless loops
By providing a special image these bugs can be exploited by remote and/or
local attackers to gain access to the system or to escalate their local
Solution : http://www.suse.de/security/2004_41_xshared_XFree86_libs_xorg_x11_libs.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.