RHEL 2.1 : XFree86 (RHSA-2003:065)

critical Nessus Plugin ID 12369

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated XFree86 packages that resolve various security issues and additionally provide a number of bug fixes and enhancements are now available for Red Hat Enterprise Linux 2.1.

XFree86 is an implementation of the X Window System, which provides the graphical user interface, video drivers, etc. for Linux systems.

A number of security vulnerabilities have been found and fixed. In addition, various other bug fixes, driver updates, and other enhancements have been made.

Security fixes :

Xterm, provided as part of the XFree86 packages, provides an escape sequence for reporting the current window title. This escape sequence essentially takes the current title and places it directly on the command line. An attacker can craft an escape sequence that sets the victim's Xterm window title to an arbitrary command, and then reports it to the command line. Since it is not possible to embed a carriage return into the window title, the attacker would then have to convince the victim to press Enter for the shell to process the title as a command, although the attacker could craft other escape sequences that might convince the victim to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0063 to this issue.

It is possible to lock up versions of Xterm by sending an invalid DEC UDK escape sequence. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0071 to this issue.

The xdm display manager, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1510 to this issue.

These erratum packages also contain an updated fix for CVE-2002-0164, a vulnerability in the MIT-SHM extension of the X server that allows local users to read and write arbitrary shared memory. The original fix did not cover the case where the X server is started from xdm.

The X server was setting the /dev/dri directory permissions incorrectly, which resulted in the directory being world-writable. It now sets the directory permissions to a safe value. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2001-1409 to this issue.

Driver updates and other fixes :

The Rage 128 video driver (r128) has been updated to provide 2D support for all previously unsupported ATI Rage 128 hardware. DRI 3D support should also work on the majority of Rage 128 hardware.

Bad page size assumptions in the ATI Radeon video driver (radeon) have been fixed, allowing the driver to work properly on ia64 and other architectures where the page size is not fixed.

A long-standing XFree86 bug has been fixed. This bug occurs when any form of system clock skew (such as NTP clock synchronization, APM suspend/resume cycling on laptops, daylight savings time changeover, or even manually setting the system clock forward or backward) could result in odd application behavior, mouse and keyboard lockups, or even an X server hang or crash.

The S3 Savage driver (savage) has been updated to the upstream author's latest version '1.1.27t', which should fix numerous bugs reported by various users, as well as adding support for some newer savage hardware.

Users are advised to upgrade to these updated packages, which contain XFree86 version 4.1.0 with patches correcting these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2001-1409

https://access.redhat.com/security/cve/cve-2002-0164

https://access.redhat.com/security/cve/cve-2002-1510

https://access.redhat.com/security/cve/cve-2003-0063

https://access.redhat.com/security/cve/cve-2003-0071

https://access.redhat.com/errata/RHSA-2003:065

Plugin Details

Severity: Critical

ID: 12369

File Name: redhat-RHSA-2003-065.nasl

Version: 1.30

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-15-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-xnest, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-2-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-cyrillic-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-xfs, p-cpe:/a:redhat:enterprise_linux:xfree86-libs, p-cpe:/a:redhat:enterprise_linux:xfree86-xf86cfg, p-cpe:/a:redhat:enterprise_linux:xfree86-xdm, p-cpe:/a:redhat:enterprise_linux:xfree86-twm, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-2-100dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-tools, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-15-100dpi-fonts, cpe:/o:redhat:enterprise_linux:2.1, p-cpe:/a:redhat:enterprise_linux:xfree86, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-9-75dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-xvfb, p-cpe:/a:redhat:enterprise_linux:xfree86-devel, p-cpe:/a:redhat:enterprise_linux:xfree86-iso8859-9-100dpi-fonts, p-cpe:/a:redhat:enterprise_linux:xfree86-doc, p-cpe:/a:redhat:enterprise_linux:xfree86-100dpi-fonts

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 6/25/2003

Vulnerability Publication Date: 3/15/2002

Reference Information

CVE: CVE-2001-1409, CVE-2002-0164, CVE-2002-1510, CVE-2003-0063, CVE-2003-0071

RHSA: 2003:065