This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200710-11
(X Font Server: Multiple Vulnerabilities)
iDefense reported that the xfs init script does not correctly handle a
race condition when setting permissions of a temporary file
(CVE-2007-3103). Sean Larsson discovered an integer overflow
vulnerability in the build_range() function possibly leading to a
heap-based buffer overflow when handling 'QueryXBitmaps' and
'QueryXExtents' protocol requests (CVE-2007-4568). Sean Larsson also
discovered an error in the swap_char2b() function possibly leading to a
heap corruption when handling the same protocol requests
The first issue would allow a local attacker to change permissions of
arbitrary files to be world-writable by performing a symlink attack.
The second and third issues would allow a local attacker to execute
arbitrary code with privileges of the user running the X Font Server,
There is no known workaround at this time.
See also :
All X Font Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-apps/xfs-1.0.5'
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 27046 (gentoo_GLSA-200710-11.nasl)
CVE ID: CVE-2007-3103CVE-2007-4568CVE-2007-4990
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.