RHEL 2.1 : XFree86 (RHSA-2003:289)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated XFree86 packages provide security fixes to font libraries and

XFree86 is an implementation of the X Window System providing the core
graphical user interface and video drivers. XDM is the X display

Multiple integer overflows in the transfer and enumeration of font
libraries in XFree86 allow local or remote attackers to cause a denial
of service or execute arbitrary code via heap-based and stack-based
buffer overflow attacks. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2003-0730 to this

The risk to users from this vulnerability is limited because only
clients can be affected by these bugs; however, in some (non-default)
configurations, both xfs and the X Server can act as clients to remote
font servers.

XDM does not verify whether the pam_setcred function call succeeds,
which may allow attackers to gain root privileges by triggering error
conditions within PAM modules, as demonstrated in certain
configurations of the pam_krb5 module. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2003-0690
to this issue.

Users are advised to upgrade to these updated XFree86 4.1.0 packages,
which contain backported security patches and are not vulnerable to
these issues.


Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12424

Bugtraq ID: 8514

CVE ID: CVE-2003-0690