SUSE-SA:2004:041: xshared, XFree86-libs, xorg-x11-libs

critical Nessus Plugin ID 15755

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:041 (xshared, XFree86-libs, xorg-x11-libs).


The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.
A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs.
The bug types are:
- integer overflows
- out-of-bounds memory access
- shell command execution
- path traversal
- endless loops

By providing a specially crafted image, remote and/or local attackers can exploit these bugs to gain access to the system or to escalate their local privileges.

Solution

http://www.suse.de/security/2004_41_xshared_XFree86_libs_xorg_x11_libs.html

Plugin Details

Severity: Critical

ID: 15755

File Name: suse_SA_2004_041.nasl

Version: 1.13

Agent: unix

Published: 11/18/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-0914

BID: 11694