Detections
Analytics
Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)
critical Nessus Plugin ID 15794
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, shell command execution, path traversal, and endless loops.
These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted xpm image.
Updated packages are patched to correct all these issues.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 15794
File Name: mandrake_MDKSA-2004-138.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 11/23/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:x11r6-contrib, p-cpe:/a:mandriva:linux:xfree86, p-cpe:/a:mandriva:linux:xfree86-100dpi-fonts, p-cpe:/a:mandriva:linux:xfree86-75dpi-fonts, p-cpe:/a:mandriva:linux:xfree86-xnest, p-cpe:/a:mandriva:linux:xfree86-xvfb, p-cpe:/a:mandriva:linux:xfree86-cyrillic-fonts, p-cpe:/a:mandriva:linux:xfree86-doc, p-cpe:/a:mandriva:linux:xfree86-glide-module, p-cpe:/a:mandriva:linux:xfree86-server, p-cpe:/a:mandriva:linux:xfree86-xfs, p-cpe:/a:mandriva:linux:lib64xfree86, p-cpe:/a:mandriva:linux:lib64xfree86-devel, p-cpe:/a:mandriva:linux:lib64xfree86-static-devel, p-cpe:/a:mandriva:linux:lib64xorg-x11, p-cpe:/a:mandriva:linux:lib64xorg-x11-devel, p-cpe:/a:mandriva:linux:lib64xorg-x11-static-devel, p-cpe:/a:mandriva:linux:libxfree86, p-cpe:/a:mandriva:linux:libxfree86-devel, p-cpe:/a:mandriva:linux:libxfree86-static-devel, p-cpe:/a:mandriva:linux:libxorg-x11, p-cpe:/a:mandriva:linux:libxorg-x11-devel, p-cpe:/a:mandriva:linux:libxorg-x11-static-devel, p-cpe:/a:mandriva:linux:xorg-x11, p-cpe:/a:mandriva:linux:xorg-x11-100dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-75dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-xnest, p-cpe:/a:mandriva:linux:xorg-x11-xvfb, p-cpe:/a:mandriva:linux:xorg-x11-cyrillic-fonts, p-cpe:/a:mandriva:linux:xorg-x11-doc, p-cpe:/a:mandriva:linux:xorg-x11-glide-module, p-cpe:/a:mandriva:linux:xorg-x11-server, p-cpe:/a:mandriva:linux:xorg-x11-xfs, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, cpe:/o:mandrakesoft:mandrake_linux:9.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 11/22/2004
Reference Information
CVE: CVE-2004-0914
MDKSA: 2004:138