Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231053704HistoryJan 17, 2008 - 12:00 a.m.
Debian Security Advisory DSA 561-1 (xfree86)
2008-01-1700:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
7
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.348 Low
EPSS
Percentile
97.1%
The remote host is missing an update to xfree86
announced via advisory DSA 561-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53704");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2004-0687", "CVE-2004-0688");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 561-1 (xfree86)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20561-1");
script_tag(name:"insight", value:"Chris Evans discovered several stack and integer overflows in the
libXpm library which is provided by X.Org, XFree86 and LessTif.
For the stable distribution (woody) this problem has been fixed in
version 4.1.0-16woody4.
For the unstable distribution (sid) this problem has been fixed in
version 4.3.0.dfsg.1-8.");
script_tag(name:"solution", value:"We recommend that you upgrade your libxpm packages.");
script_tag(name:"summary", value:"The remote host is missing an update to xfree86
announced via advisory DSA 561-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"x-window-system", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-100dpi-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-100dpi", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-75dpi-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-75dpi", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-base-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-base", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-cyrillic", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-pex", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-scalable", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfree86-common", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlib6g-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlib6g", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xspecs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"lbxproxy", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps1", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps1-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"proxymngr", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"twm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"x-window-system-core", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xbase-clients", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xdm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfwp", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa3", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa3-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa3", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa3-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-pic", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xmh", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xnest", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xprt", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xserver-common", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xserver-xfree86", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xterm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xutils", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xvfb", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
Related
freebsd
freebsd
xpm -- image decoding vulnerabilities
2004-09-15 00:00:00
linux_base -- vulnerabilities in Red Hat 7.1 libraries
2004-09-27 00:00:00
openvas
openvas
Debian Security Advisory DSA 561-1 (xfree86)
2008-01-17 00:00:00
xpm -- image decoding vulnerabilities
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200409-34 (X)
2008-09-24 00:00:00
osv
osv
xfree86 - integer and stack overflows
2004-10-11 00:00:00
lesstif1-1 - integer and stack overflows
2004-10-07 00:00:00
nessus
nessus
Ubuntu 4.10 : libxpm4 vulnerability (USN-27-1)
2006-01-15 00:00:00
Debian DSA-560-1 : lesstif1-1 - integer and stack overflows
2004-11-10 00:00:00
Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:099)
2004-09-16 00:00:00
cert
cert
libXpm library contains multiple integer overflow vulnerabilities
2004-09-30 00:00:00
libXpm image library vulnerable to buffer overflow
2004-09-30 00:00:00
ubuntu
ubuntu
libxpm4 vulnerability
2004-11-18 00:00:00
gentoo
gentoo
X.org, XFree86: Integer and stack overflows in libXpm
2004-09-27 00:00:00
LessTif: Integer and stack overflows in libXpm
2004-10-09 00:00:00
OpenMotif: Multiple vulnerabilities in libXpm
2005-02-07 00:00:00
debian
debian
[SECURITY] [DSA 561-1] New libxpm packages fix several vulnerabilities
2004-10-11 07:42:09
[SECURITY] [DSA 560-1] New lesstif packages fix several vulnerabilities
2004-10-07 13:32:27
[SECURITY] [DSA 561-1] New libxpm packages fix several vulnerabilities
2004-10-11 07:42:09
redhat
redhat
(RHSA-2005:004) lesstif security update
2005-01-12 00:00:00
(RHSA-2004:479) XFree86 security update
2004-10-06 00:00:00
(RHSA-2004:537) openmotif security update
2004-12-02 00:00:00
cvelist
cvelist
nvd
nvd
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2004-0783
2004-10-20 04:00:00
CVE-2004-0782
2004-10-20 04:00:00
packetstorm
packetstorm
Solaris 10 dtprintinfo / libXm / libXpm Security Issues
2023-01-20 00:00:00
zdt
zdt
Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability
2023-01-22 00:00:00
securityvulns
securityvulns
suse
suse
remote command execution in XFree86-libs, xshared
2004-09-17 13:37:17
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.348 Low
EPSS
Percentile
97.1%
Related for OPENVAS:136141256231053704