CVE-2013-2004medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file.
References
http://www.debian.org/security/2013/dsa-2693
http://www.openwall.com/lists/oss-security/2013/05/23/3
http://www.ubuntu.com/usn/USN-1854-1
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:x:libx11:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:x:libx11:*:*:*:*:*:*:*:* versions up to 1.5.99.901 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 86215 | HP-UX PHSS_43690 : s700_800 11.31 X/Motif Runtime Patch | Nessus | HP-UX Local Security Checks | medium |
| 86119 | HP-UX PHSS_44188 : s700_800 11.11 X/Motif Runtime Periodic Patch | Nessus | HP-UX Local Security Checks | medium |
| 86118 | HP-UX PHSS_44149 : s700_800 11.23 X/Motif Runtime Patch | Nessus | HP-UX Local Security Checks | medium |
| 80822 | Oracle Solaris Third-Party Patch Update : xorg (multiple_vulnerabilities_in_x_org1) | Nessus | Solaris Local Security Checks | medium |
| 79560 | Amazon Linux AMI : libX11 / libXcursor,libXfixes,libXi,libXrandr,libXrender,libXres,libXt,libXv,libXvMC,libXxf86dga,libXxf86vm,libdmx,xorg-x11-proto-devel (ALAS-2014-452) | Nessus | Amazon Linux Local Security Checks | medium |
| 79182 | CentOS 6 : libX11 / libXcursor / libXext / libXfixes / libXi / libXinerama / libXp / libXrandr / etc (CESA-2014:1436) | Nessus | CentOS Local Security Checks | medium |
| 78841 | Scientific Linux Security Update : X11 client libraries on SL6.x i386/x86_64 (20141014) | Nessus | Scientific Linux Local Security Checks | medium |
| 78411 | RHEL 6 : X11 client libraries (RHSA-2014:1436) | Nessus | Red Hat Local Security Checks | medium |
| 75052 | openSUSE Security Update : libX11 (openSUSE-SU-2013:1047-1) | Nessus | SuSE Local Security Checks | medium |
| 74028 | GLSA-201405-07 : X.Org X Server: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 67256 | SuSE 10 Security Update : xorg-x11 (ZYPP Patch Number 8623) | Nessus | SuSE Local Security Checks | medium |
| 67107 | SuSE 11.2 / 11.3 Security Update : xorg-x11-libX11 (SAT Patch Numbers 7842 / 7935) | Nessus | SuSE Local Security Checks | medium |
| 66818 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : libx11 vulnerabilities (USN-1854-1) | Nessus | Ubuntu Local Security Checks | medium |
| 66798 | FreeBSD : xorg -- protocol handling issues in X Window System client libraries (2eebebff-cd3b-11e2-8f09-001b38c3836c) | Nessus | FreeBSD Local Security Checks | medium |
| 66629 | Fedora 18 : libX11-1.5.99.901-3.20130524gita3bdd2b09.fc18 (2013-9151) | Nessus | Fedora Local Security Checks | medium |
| 66602 | Debian DSA-2693-1 : libx11 - several vulnerabilities | Nessus | Debian Local Security Checks | medium |