Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2007:005)

critical Nessus Plugin ID 24621

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86:

Local exploitation of a memory corruption vulnerability in the 'ProcRenderAddGlyphs()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6101)

Local exploitation of a memory corruption vulnerability in the 'ProcDbeGetVisualInfo()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6102)

Local exploitation of a memory corruption vulnerability in the 'ProcDbeSwapBuffers()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. (CVE-2006-6103)

Updated packages are patched to address these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 24621

File Name: mandrake_MDKSA-2007-005.nasl

Version: 1.16

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:x11-server-xi810, p-cpe:/a:mandriva:linux:x11-server-xmach64, p-cpe:/a:mandriva:linux:x11-server-xmga, p-cpe:/a:mandriva:linux:x11-server-xneomagic, p-cpe:/a:mandriva:linux:x11-server-xnest, p-cpe:/a:mandriva:linux:x11-server-xnvidia, p-cpe:/a:mandriva:linux:x11-server-xorg, p-cpe:/a:mandriva:linux:x11-server-xpm2, p-cpe:/a:mandriva:linux:x11-server-xprt, p-cpe:/a:mandriva:linux:x11-server-xr128, p-cpe:/a:mandriva:linux:x11-server-xsdl, p-cpe:/a:mandriva:linux:x11-server-xsmi, p-cpe:/a:mandriva:linux:x11-server-xvesa, p-cpe:/a:mandriva:linux:x11-server-xvfb, p-cpe:/a:mandriva:linux:x11-server-xvia, cpe:/o:mandriva:linux:2007, p-cpe:/a:mandriva:linux:x11-server, p-cpe:/a:mandriva:linux:x11-server-common, p-cpe:/a:mandriva:linux:x11-server-devel, p-cpe:/a:mandriva:linux:x11-server-xati, p-cpe:/a:mandriva:linux:x11-server-xchips, p-cpe:/a:mandriva:linux:x11-server-xdmx, p-cpe:/a:mandriva:linux:x11-server-xephyr, p-cpe:/a:mandriva:linux:x11-server-xepson, p-cpe:/a:mandriva:linux:x11-server-xfake, p-cpe:/a:mandriva:linux:x11-server-xfbdev

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 1/9/2007

Reference Information

CVE: CVE-2006-6101, CVE-2006-6102, CVE-2006-6103

MDKSA: 2007:005