Detections
Analytics
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:005)
critical Nessus Plugin ID 24621
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86 :Local exploitation of a memory corruption vulnerability in the 'ProcRenderAddGlyphs()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6101)
Local exploitation of a memory corruption vulnerability in the 'ProcDbeGetVisualInfo()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6102)
Local exploitation of a memory corruption vulnerability in the 'ProcDbeSwapBuffers()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6103)
Updated packages are patched to address these issues.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 24621
File Name: mandrake_MDKSA-2007-005.nasl
Version: 1.16
Type: local
Family: Mandriva Local Security Checks
Published: 2/18/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:x11-server, p-cpe:/a:mandriva:linux:x11-server-common, p-cpe:/a:mandriva:linux:x11-server-devel, p-cpe:/a:mandriva:linux:x11-server-xati, p-cpe:/a:mandriva:linux:x11-server-xchips, p-cpe:/a:mandriva:linux:x11-server-xdmx, p-cpe:/a:mandriva:linux:x11-server-xephyr, p-cpe:/a:mandriva:linux:x11-server-xepson, p-cpe:/a:mandriva:linux:x11-server-xfake, p-cpe:/a:mandriva:linux:x11-server-xfbdev, p-cpe:/a:mandriva:linux:x11-server-xi810, p-cpe:/a:mandriva:linux:x11-server-xmach64, p-cpe:/a:mandriva:linux:x11-server-xmga, p-cpe:/a:mandriva:linux:x11-server-xneomagic, p-cpe:/a:mandriva:linux:x11-server-xnest, p-cpe:/a:mandriva:linux:x11-server-xnvidia, p-cpe:/a:mandriva:linux:x11-server-xorg, p-cpe:/a:mandriva:linux:x11-server-xpm2, p-cpe:/a:mandriva:linux:x11-server-xprt, p-cpe:/a:mandriva:linux:x11-server-xr128, p-cpe:/a:mandriva:linux:x11-server-xsdl, p-cpe:/a:mandriva:linux:x11-server-xsmi, p-cpe:/a:mandriva:linux:x11-server-xvesa, p-cpe:/a:mandriva:linux:x11-server-xvfb, p-cpe:/a:mandriva:linux:x11-server-xvia, cpe:/o:mandriva:linux:2007
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 1/9/2007
Reference Information
CVE: CVE-2006-6101, CVE-2006-6102, CVE-2006-6103
MDKSA: 2007:005