Detections
Analytics
SUSE-SA:2007:008: XFree86-server,xorg-x11-server,xloader
high Nessus Plugin ID 24462
Synopsis
The remote host is missing a vendor-supplied security patchDescription
The remote host is missing the patch for the advisory SUSE-SA:2007:008 (XFree86-server,xorg-x11-server,xloader).This update fixes three memory corruptions within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code.
CVE-2006-6101: Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.
CVE-2006-6102: Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
CVE-2006-6103: Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
Solution
http://www.novell.com/linux/security/advisories/2007_08_x.htmlPlugin Details
Severity: High
ID: 24462
File Name: suse_SA_2007_008.nasl
Version: 1.10
Agent: unix
Family: SuSE Local Security Checks
Published: 2/18/2007
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list