Debian DSA-1466-1 : xorg-server - several vulnerabilities

high Nessus Plugin ID 30059

Synopsis

The remote Debian host is missing a security-related update.

Description

The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (sarge) in addition to the fixed packages for Debian stable (etch), which were provided in DSA 1466-2.

For reference, the original advisory text is below:

Several local vulnerabilities have been discovered in the X.Org X server. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2007-5760: 'regenrecht' discovered that missing input sanitising within the XFree86-Misc extension may lead to local privilege escalation.

- CVE-2007-5958: It was discovered that error messages of security policy file handling may lead to a minor information leak disclosing the existence of files otherwise inaccessible to the user.

- CVE-2007-6427: 'regenrecht' discovered that missing input sanitising within the XInput-Misc extension may lead to local privilege escalation.

- CVE-2007-6428: 'regenrecht' discovered that missing input sanitising within the TOG-CUP extension may lead to disclosure of memory contents.

- CVE-2007-6429: 'regenrecht' discovered that integer overflows in the EVI and MIT-SHM extensions may lead to local privilege escalation.

- CVE-2008-0006: It was discovered that insufficient validation of PCF fonts could lead to local privilege escalation.

Solution

Upgrade the X.org/Xfree86 packages.

For the oldstable distribution (sarge), this problem has been fixed in version 4.3.0.dfsg.1-14sarge7 of xfree86.

For the stable distribution (etch), this problem has been fixed in version 1.1.1-21etch3 of xorg-server and 1.2.2-2.etch1 of libxfont.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-6429

https://security-tracker.debian.org/tracker/CVE-2007-6428

https://security-tracker.debian.org/tracker/CVE-2008-0006

https://www.debian.org/security/2008/dsa-1466

https://security-tracker.debian.org/tracker/CVE-2007-5760

https://security-tracker.debian.org/tracker/CVE-2007-5958

https://security-tracker.debian.org/tracker/CVE-2007-6427

Plugin Details

Severity: High

ID: 30059

File Name: debian_DSA-1466.nasl

Version: 1.28

Type: local

Agent: unix

Published: 1/27/2008

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:xfree86, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/21/2008

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006

BID: 27350, 27351, 27352, 27353, 27354, 27355

CWE: 119, 189, 200, 362, 399

DSA: 1466