Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:148)

high Nessus Plugin ID 23895

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

An integer overflow flaw was discovered in how xorg-x11/XFree86 handles PCF files. A malicious authorized client could exploit the issue to cause a DoS (crash) or potentially execute arbitrary code with root privileges on the xorg-x11/XFree86 server.

Updated packages are patched to address this issue.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 23895

File Name: mandrake_MDKSA-2006-148.nasl

Version: 1.16

Type: local

Published: 12/16/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64xorg-x11, p-cpe:/a:mandriva:linux:xorg-x11, p-cpe:/a:mandriva:linux:xorg-x11-75dpi-fonts, p-cpe:/a:mandriva:linux:libxorg-x11-devel, p-cpe:/a:mandriva:linux:lib64xorg-x11-static-devel, p-cpe:/a:mandriva:linux:xorg-x11-xauth, p-cpe:/a:mandriva:linux:xorg-x11-xnest, p-cpe:/a:mandriva:linux:xorg-x11-server, p-cpe:/a:mandriva:linux:x11r6-contrib, p-cpe:/a:mandriva:linux:xorg-x11-xprt, p-cpe:/a:mandriva:linux:xorg-x11-doc, p-cpe:/a:mandriva:linux:xorg-x11-100dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-xfs, p-cpe:/a:mandriva:linux:libxorg-x11-static-devel, cpe:/o:mandriva:linux:2006, p-cpe:/a:mandriva:linux:xorg-x11-xvfb, p-cpe:/a:mandriva:linux:xorg-x11-xdmx, p-cpe:/a:mandriva:linux:xorg-x11-cyrillic-fonts, p-cpe:/a:mandriva:linux:xorg-x11-glide-module, p-cpe:/a:mandriva:linux:libxorg-x11, p-cpe:/a:mandriva:linux:lib64xorg-x11-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/24/2006

Reference Information

CVE: CVE-2006-3467

MDKSA: 2006:148