Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2007:008: XFree86-server,xorg-x11-server,xloader Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the XFree86-server, xorg-x11-server, xloader package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2007:008 (XFree86-server,xorg-x11-server,xloader).
This update fixes three memory corruptions within the X server which
could be used by local attackers with access to this display to crash
the X server and potentially execute code.
CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function
in the Render extension for X.Org 6.8.2, 6.9.0, 7.0,
and 7.1, and XFree86 X server, allows local users to
execute arbitrary code via a crafted X protocol request
that triggers memory corruption during processing of
glyph management data structures.
CVE-2006-6102: Integer overflow in the ProcDbeGetVisualInfo function
in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0,
and 7.1, and XFree86 X server, allows local users to
execute arbitrary code via a crafted X protocol request
that triggers memory corruption during processing of
unspecified data structures.
CVE-2006-6103: Integer overflow in the ProcDbeSwapBuffers function in
the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1,
and XFree86 X server, allows local users to execute
arbitrary code via a crafted X protocol request
that triggers memory corruption during processing of
unspecified data structures.
Solution: http://www.suse.de/security/ http://www.novell.com/linux/security/advisories/2007_08_x.html
Threat Level: High