FreeBSD : xfs -- multiple vulnerabilities (a5f667db-7596-11dc-8b7a-0019b944b34e)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthieu Herrb reports :

Problem Description : Several vulnerabilities have been identified in
xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol
requests suffer from lack of validation of their 'length' parameters.

Impact : On most modern systems, the font server is accessible only
for local clients and runs with reduced privileges, but on some
systems it may still be accessible from remote clients and possibly
running with root privileges, creating an opportunity for remote
privilege escalation.

See also :

http://lists.freedesktop.org/archives/xorg/2007-October/028899.html
http://www.nessus.org/u?9d627805

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 26939 (freebsd_pkg_a5f667db759611dc8b7a0019b944b34e.nasl)

Bugtraq ID:

CVE ID: CVE-2007-4568
