This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated XFree86 packages provide security fixes to font libraries and
XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers. XDM is the X display
Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial
of service or execute arbitrary code via heap-based and stack-based
buffer overflow attacks. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0730 to this
The risk to users from this vulnerability is limited because only
clients can be affected by these bugs, however in some (non-default)
configurations, both xfs and the X Server can act as clients to remote
XDM does not verify whether the pam_setcred function call succeeds,
which may allow attackers to gain root privileges by triggering error
conditions within PAM modules, as demonstrated in certain
configurations of the pam_krb5 module. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2003-0690
to this issue.
Users are advised to upgrade to these updated XFree86 4.1.0 packages,
which contain backported security patches and are not vulnerable to
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0