Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Two integer overflow flaws were found in the XFree86 server's EVI and
MIT-SHM modules. A malicious authorized client could exploit these
issues to cause a denial of service (crash), or potentially execute
arbitrary code with root privileges on the XFree86 server.
(CVE-2007-6429)

A heap based buffer overflow flaw was found in the way the XFree86
server handled malformed font files. A malicious local user could
exploit this issue to potentially execute arbitrary code with the
privileges of the XFree86 server. (CVE-2008-0006)

A memory corruption flaw was found in the XFree86 server's XInput
extension. A malicious authorized client could exploit this issue to
cause a denial of service (crash), or potentially execute arbitrary
code with root privileges on the XFree86 server. (CVE-2007-6427)

An information disclosure flaw was found in the XFree86 server's
TOG-CUP extension. A malicious authorized client could exploit this
issue to cause a denial of service (crash), or potentially view
arbitrary memory content within the XFree86 server's address space.
(CVE-2007-6428)

An integer and heap overflow flaw were found in the X.org font server,
xfs. A user with the ability to connect to the font server could have
been able to cause a denial of service (crash), or potentially execute
arbitrary code with the permissions of the font server.
(CVE-2007-4568, CVE-2007-4990)

A flaw was found in the XFree86 server's XC-SECURITY extension, that
could have allowed a local user to verify the existence of an
arbitrary file, even in directories that are not normally accessible
to that user. (CVE-2007-5958)

See also :

http://www.nessus.org/u?9ebcb45f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60349 ()

Bugtraq ID:

CVE ID: CVE-2007-4568
CVE-2007-4990
CVE-2007-5958
CVE-2007-6427
CVE-2007-6428
CVE-2007-6429
CVE-2008-0006