Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2007-424.NASL
HistoryApr 12, 2007 - 12:00 a.m.

Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424)

2007-04-1200:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

90.1%

JSON

  • Sun Apr 8 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.7

    • xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in XC-MISC extension.

    • xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport an Intel PCI bridge fix from FC6.

    • Tue Jan 9 2007 Adam Jackson <ajax at redhat.com> 1.0.1-9.fc5.6

      • xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101.

      • Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.5

      • Standardize on using lowercase ‘fcN’ in Release field to denote the OS release the package is being built for in all erratum from now on, as this is the official Fedora packaging guideline recommended way that the new ‘dist’ tag uses:
        http://fedoraproject.org/wiki/DistTag. (#197266)

    • Remove various rpm spec file macros from the changelog which were inadvertently added over time. (#197281)

    • Mon Jun 26 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.FC5.4

      • Updated build dependency to require mesa-source-6.4.2-6.FC5.3 minimum for DRI enabled builds to fix numerous bug reports on x86_64 including (#190245, 185929,187603,185727,189730)

    • Added xorg-x11-server-1.0.1-setuid.diff to fix setuid bug (#196126)

      • Bump xtrans dependency to ‘>= 1.0.0-3.2.FC5.0’ for setuid fix in xtrans.

      • Added ‘BuildRequires: freetype-devel >= 2.1.9-1, zlib-devel’ so that the package will build now in brew/mock for erratum.

    • Fri May 19 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.FC5.3

      • Enable alpha, sparc, sparc64 architectures to be buildable (untested, but feel free to submit patches in bugzilla if it does not work right)

    • Add missing SBUS header for sparc architecture (#187357)

      • Fri May 5 2006 Mike A. Harris <mharris at redhat.com> 1.0.1-9.fc5.2

      • Merge xorg-x11-server-1.0.1-render-tris-CVE-2006-1526.patch security fix from 1.0.1-9.fc5.1.1 release from embargoed branch of CVS to FC-5 branch.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2007-424.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(25027);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_xref(name:"FEDORA", value:"2007-424");

  script_name(english:"Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.7 (2007-424)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Sun Apr 8 2007 Adam Jackson <ajax at redhat.com>
    1.0.1-9.fc5.7

    - xserver-CVE-2007-1003.patch: Fix CVE-2007-1003 in
      XC-MISC extension.

    - xorg-x11-server-1.0.1-intel-bridge-fix.patch: Backport
      an Intel PCI bridge fix from FC6.

  - Tue Jan 9 2007 Adam Jackson <ajax at redhat.com>
    1.0.1-9.fc5.6

    - xorg-xserver-1.0.1-dbe-render.diff: CVE #2006-6101.

    - Fri Jun 30 2006 Mike A. Harris <mharris at redhat.com>
      1.0.1-9.fc5.5

    - Standardize on using lowercase 'fcN' in Release field
      to denote the OS release the package is being built
      for in all erratum from now on, as this is the
      official Fedora packaging guideline recommended way
      that the new 'dist' tag uses:
      http://fedoraproject.org/wiki/DistTag. (#197266)

  - Remove various rpm spec file macros from the changelog
    which were inadvertently added over time. (#197281)

  - Mon Jun 26 2006 Mike A. Harris <mharris at redhat.com>
    1.0.1-9.FC5.4

    - Updated build dependency to require
      mesa-source-6.4.2-6.FC5.3 minimum for DRI enabled
      builds to fix numerous bug reports on x86_64 including
      (#190245, 185929,187603,185727,189730)

  - Added xorg-x11-server-1.0.1-setuid.diff to fix setuid
    bug (#196126)

    - Bump xtrans dependency to '>= 1.0.0-3.2.FC5.0' for
      setuid fix in xtrans.

    - Added 'BuildRequires: freetype-devel >= 2.1.9-1,
      zlib-devel' so that the package will build now in
      brew/mock for erratum.

  - Fri May 19 2006 Mike A. Harris <mharris at redhat.com>
    1.0.1-9.FC5.3

    - Enable alpha, sparc, sparc64 architectures to be
      buildable (untested, but feel free to submit patches
      in bugzilla if it does not work right)

  - Add missing SBUS header for sparc architecture (#187357)

    - Fri May 5 2006 Mike A. Harris <mharris at redhat.com>
      1.0.1-9.fc5.2

    - Merge
      xorg-x11-server-1.0.1-render-tris-CVE-2006-1526.patch
      security fix from 1.0.1-9.fc5.1.1 release from
      embargoed branch of CVS to FC-5 branch.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://fedoraproject.org/wiki/DistTag.
  script_set_attribute(
    attribute:"see_also",
    value:"https://fedoraproject.org/wiki/DistTag."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-April/001651.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?80a79938"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xdmx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xnest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xorg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-Xvfb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xdmx-1.0.1-9.fc5.7")) flag++;
if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xnest-1.0.1-9.fc5.7")) flag++;
if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xorg-1.0.1-9.fc5.7")) flag++;
if (rpm_check(release:"FC5", reference:"xorg-x11-server-Xvfb-1.0.1-9.fc5.7")) flag++;
if (rpm_check(release:"FC5", reference:"xorg-x11-server-debuginfo-1.0.1-9.fc5.7")) flag++;
if (rpm_check(release:"FC5", reference:"xorg-x11-server-sdk-1.0.1-9.fc5.7")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xorg-x11-server-Xdmx / xorg-x11-server-Xnest / xorg-x11-server-Xorg / etc");
}
VendorProductVersionCPE
fedoraprojectfedoraxorg-x11-server-xdmxp-cpe:/a:fedoraproject:fedora:xorg-x11-server-xdmx
fedoraprojectfedoraxorg-x11-server-xnestp-cpe:/a:fedoraproject:fedora:xorg-x11-server-xnest
fedoraprojectfedoraxorg-x11-server-xorgp-cpe:/a:fedoraproject:fedora:xorg-x11-server-xorg
fedoraprojectfedoraxorg-x11-server-xvfbp-cpe:/a:fedoraproject:fedora:xorg-x11-server-xvfb
fedoraprojectfedoraxorg-x11-server-debuginfop-cpe:/a:fedoraproject:fedora:xorg-x11-server-debuginfo
fedoraprojectfedoraxorg-x11-server-sdkp-cpe:/a:fedoraproject:fedora:xorg-x11-server-sdk
fedoraprojectfedora_core5cpe:/o:fedoraproject:fedora_core:5

Related

openvas 27
fedora 3
prion 2
nessus 27
debiancve 2
suse 2
centos 4
cvelist 2
securityvulns 3
cert 1
slackware 1
altlinux 2
nvd 2
cve 2
ubuntucve 2
gentoo 2
redhat 4
ubuntu 2
veracode 1
oraclelinux 3
debian 1
osv 1
vmware 1
openvas
openvas
Fedora Update for xorg-x11-server FEDORA-2007-424
2009-02-27 00:00:00
Gentoo Security Advisory GLSA 200605-02 (X.Org)
2008-09-24 00:00:00
Fedora Update for xorg-x11-server FEDORA-2007-036
2009-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora Core 5 Update: xorg-x11-server-1.0.1-9.fc5.7
2007-04-10 16:49:15
[SECURITY] Fedora Core 5 Update: xorg-x11-server-1.0.1-9.fc5.6
2007-01-10 04:40:15
[SECURITY] Fedora Core 6 Update: xorg-x11-server-1.1.1-47.8.fc6
2007-04-10 16:49:47
prion
prion
Buffer overflow
2006-05-02 21:06:00
Integer overflow
2007-04-06 01:19:00
nessus
nessus
CentOS 4 : xorg-x11 (CESA-2006:0451)
2006-07-05 00:00:00
Fedora Core 5 : xorg-x11-server-1.0.1-9.fc5.6 (2007-036)
2007-01-17 00:00:00
Fedora Core 4 : xorg-x11-6.8.2-37.FC4.49.2.1 (2006-484)
2007-01-17 00:00:00
debiancve
debiancve
CVE-2006-1526
2006-05-02 21:06:00
CVE-2007-1003
2007-04-06 01:19:00
suse
suse
local privilege escalation in xorg-x11-server
2006-05-03 10:46:28
local privilege escalation in XFree86, Xorg
2007-04-20 16:38:35
centos
centos
xorg security update
2006-05-04 16:07:11
XFree86 security update
2007-04-03 22:05:23
xorg security update
2007-04-04 00:24:46
cvelist
cvelist
CVE-2006-1526
2006-05-02 21:00:00
CVE-2007-1003
2007-04-06 01:00:00
securityvulns
securityvulns
[ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension
2006-05-03 00:00:00
[Full-disclosure] iDefense Security Advisory 04.03.07: Multiple Vendor X Server XC-MISC Extension Memory Corruption Vulnerability
2007-04-04 00:00:00
Multiple vulnerabilities in X.Org X11 server
2007-04-04 00:00:00
cert
cert
X.Org server buffer overflow in Xrender extension
2006-06-16 00:00:00
slackware
slackware
[slackware-security] xorg server overflow
2006-05-03 15:58:40
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 1:1.0.2-alt5
2006-05-03 00:00:00
Security fix for the ALT Linux 10 package xorg-server version 2:1.2.99.903-alt3
2007-04-03 00:00:00
nvd
nvd
CVE-2006-1526
2006-05-02 21:06:00
CVE-2007-1003
2007-04-06 01:19:00
cve
cve
CVE-2006-1526
2006-05-02 21:06:00
CVE-2007-1003
2007-04-06 01:19:00
ubuntucve
ubuntucve
CVE-2006-1526
2006-05-02 00:00:00
CVE-2007-1003
2007-04-06 00:00:00
gentoo
gentoo
X.Org: Buffer overflow in XRender extension
2006-05-02 00:00:00
LibXfont, TightVNC: Multiple vulnerabilities
2007-05-08 00:00:00
redhat
redhat
(RHSA-2006:0451) xorg-x11 security update
2006-05-04 00:00:00
(RHSA-2007:0127) Important: xorg-x11-server security update
2007-04-03 00:00:00
(RHSA-2007:0125) Important: XFree86 security update
2007-04-03 00:00:00
ubuntu
ubuntu
X.org server vulnerability
2006-05-04 00:00:00
X.org vulnerabilities
2007-04-03 00:00:00
veracode
veracode
Integer Overflow
2020-04-10 00:14:29
oraclelinux
oraclelinux
Important: xorg-x11-server security update
2007-06-26 00:00:00
Important: XFree86 security update
2007-04-04 00:00:00
Important: xorg-x11 security update
2007-04-04 00:00:00
debian
debian
[SECURITY] [DSA 1294-1] New xfree86 packages fix several vulnerabilities
2007-05-17 21:22:02
osv
osv
xfree86
2007-05-17 00:00:00
vmware
vmware
Updated Service Console packages (XFree86, UP and SMP kernels, Kerberos libraries) resolve security issues.
2007-07-05 00:00:00

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

90.1%

JSON
Related for FEDORA_2007-424.NASL
openvas27fedora3prion2nessus27debiancve2suse2centos4cvelist2securityvulns3cert1slackware1altlinux2nvd2cve2ubuntucve2gentoo2redhat4ubuntu2veracode1oraclelinux3debian1osv1vmware1