FreeBSD : xorg-server -- Multiple Issues (ab881a74-c016-4e6d-9f7d-68c8e7cedafb)

high Nessus Plugin ID 103909

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

xorg-server developers reports :

In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.

Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ca9626a5

http://www.nessus.org/u?c59234c4

http://www.nessus.org/u?34c7477b

https://www.securityfocus.com/bid/99543

http://www.nessus.org/u?2e446704

http://www.nessus.org/u?5460b1bf

https://www.securityfocus.com/bid/99546

https://bugzilla.suse.com/show_bug.cgi?id=1035283

Plugin Details

Severity: High

ID: 103909

File Name: freebsd_pkg_ab881a74c0164e6d9f7d68c8e7cedafb.nasl

Version: 3.6

Type: local

Published: 10/18/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xorg-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/17/2017

Vulnerability Publication Date: 7/6/2017

Reference Information

CVE: CVE-2017-10971, CVE-2017-10972