This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
A number of vulnerabilities have been discovered in XFree86. The
corrections are listed below with the identification from the Common
Vulnerabilities and Exposures (CVE) project :
- CAN-2004-0083 :
Buffer overflow in ReadFontAlias from dirfile.c of
XFree86 4.1.0 through 4.3.0 allows local users and
remote attackers to execute arbitrary code via a font
alias file (font.alias) with a long token, a different
vulnerability than CAN-2004-0084.
- CAN-2004-0084 :
Buffer overflow in the ReadFontAlias function in XFree86
4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered
function, allows local or remote authenticated users to
execute arbitrary code via a malformed entry in the font
alias (font.alias) file, a different vulnerability than
- CAN-2004-0106 :
Miscellaneous additional flaws in XFree86's handling of
- CAN-2003-0690 :
xdm does not verify whether the pam_setcred function
call succeeds, which may allow attackers to gain root
privileges by triggering error conditions within PAM
modules, as demonstrated in certain configurations of
the MIT pam_krb5 module.
- CAN-2004-0093, CAN-2004-0094 :
Denial-of-service attacks against the X server by
clients using the GLX extension and Direct Rendering
Infrastructure are possible due to unchecked client data
(out-of-bounds array indexes [CAN-2004-0093] and integer
signedness errors [CAN-2004-0094]).
Exploitation of CAN-2004-0083, CAN-2004-0084, CAN-2004-0106,
CAN-2004-0093 and CAN-2004-0094 would require a connection to the X
server. By default, display managers in Debian start the X server with
a configuration which only accepts local connections, but if the
configuration is changed to allow remote connections, or X servers are
started by other means, then these bugs could be exploited remotely.
Since the X server usually runs with root privileges, these bugs could
potentially be exploited to gain root privileges.
No attack vector for CAN-2003-0690 is known at this time.
See also :
For the stable distribution (woody) these problems have been fixed in
We recommend that you update your xfree86 package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true