This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated XFree86 packages that fix a privilege escalation vulnerability
are now available.
[Update 16 February 2004] Erratum filelist has been modified for
x86_64 and s390x only so that the correct multi-lib packages are
XFree86 is an implementation of the X Window System, providing the
core graphical user interface and video drivers.
iDefense discovered two buffer overflows in the parsing of the
'font.alias' file. A local attacker could exploit this vulnerability
by creating a carefully crafted file to gain root privileges. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2004-0083 and CVE-2004-0084 to these issues.
Additionally, David Dawes discovered further flaws in reading font
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0106 to these issues.
All users of XFree86 are advised to upgrade to these erratum packages,
which contain a backported fix and are not vulnerable to these issues.
Red Hat would like to thank David Dawes from XFree86 for the patches
and notification of these issues.
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12466
CVE ID: CVE-2004-0083, CVE-2004-0084, CVE-2004-0106