7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.4 Medium
AI Score
Confidence
Low
0.348 Low
EPSS
Percentile
97.1%
The remote host is missing an update to xfree86
announced via advisory DSA 561-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53704");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)");
script_cve_id("CVE-2004-0687", "CVE-2004-0688");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 561-1 (xfree86)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB3\.0");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20561-1");
script_tag(name:"insight", value:"Chris Evans discovered several stack and integer overflows in the
libXpm library which is provided by X.Org, XFree86 and LessTif.
For the stable distribution (woody) this problem has been fixed in
version 4.1.0-16woody4.
For the unstable distribution (sid) this problem has been fixed in
version 4.3.0.dfsg.1-8.");
script_tag(name:"solution", value:"We recommend that you upgrade your libxpm packages.");
script_tag(name:"summary", value:"The remote host is missing an update to xfree86
announced via advisory DSA 561-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"x-window-system", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-100dpi-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-100dpi", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-75dpi-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-75dpi", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-base-transcoded", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-base", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-cyrillic", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-pex", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfonts-scalable", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfree86-common", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlib6g-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlib6g", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xspecs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"lbxproxy", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps1", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libdps1-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw6-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"libxaw7-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"proxymngr", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"twm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"x-window-system-core", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xbase-clients", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xdm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xfwp", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa3", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibmesa3-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa3", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibosmesa3-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-dbg", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-dev", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xlibs-pic", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xmh", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xnest", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xprt", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xserver-common", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xserver-xfree86", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xterm", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xutils", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if((res = isdpkgvuln(pkg:"xvfb", ver:"4.1.0-16woody4", rls:"DEB3.0")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}