RHEL 5 : xorg-x11-server (RHSA-2014:1982)

critical Nessus Plugin ID 80010

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for xorg-x11-server.

Description

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1982 advisory.

- xorg-x11-server: denial of service due to unchecked malloc in client authentication (CVE-2014-8091)

- xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests (CVE-2014-8092)

- xorg-x11-server: integer overflow in GLX extension requests when calculating memory needs for requests (CVE-2014-8093)

- xorg-x11-server: out of bounds access due to not validating length or offset values in XInput extension (CVE-2014-8095)

- xorg-x11-server: out of bounds access due to not validating length or offset values in XC-MISC extension (CVE-2014-8096)

- xorg-x11-server: out of bounds access due to not validating length or offset values in DBE extension (CVE-2014-8097)

- xorg-x11-server: out of bounds access due to not validating length or offset values in GLX extension (CVE-2014-8098)

- xorg-x11-server: out of bounds access due to not validating length or offset values in XVideo extension (CVE-2014-8099)

- xorg-x11-server: out of bounds access due to not validating length or offset values in Render extension (CVE-2014-8100)

- xorg-x11-server: out of bounds access due to not validating length or offset values in RandR extension (CVE-2014-8101)

- xorg-x11-server: out of bounds access due to not validating length or offset values in XFixes extension (CVE-2014-8102)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL xorg-x11-server package based on the guidance in RHSA-2014:1982.

Plugin Details

Severity: Critical

ID: 80010

File Name: redhat-RHSA-2014-1982.nasl

Version: 1.15

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 12/15/2014

Updated: 4/27/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2014-8102

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-xorg, cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-xnest, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-xvnc-source, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-sdk, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-xdmx, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-xvfb, p-cpe:/a:redhat:enterprise_linux:xorg-x11-server-xephyr

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 12/11/2014

Reference Information

CVE: CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102

BID: 71596, 71597, 71598, 71599, 71600, 71602, 71604, 71605, 71606, 71608, 71595

CWE: 119, 125, 252, 787

RHSA: 2014:1982

Detections

Analytics