FreeBSD : xorg -- multiple vulnerabilities (800e8bd5-3acb-11dd-8842-001302a18722)

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthieu Herrb of X.Org reports :

Several vulnerabilities have been found in the server-side code of
some extensions in the X Window System. Improper validation of
client-provided data can cause data corruption.

Exploiting these overflows will crash the X server or, under certain
circumstances allow the execution of arbitrary machine code.

When the X server is running with root privileges (which is the case
for the Xorg server and for most kdrive based servers), these
vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require
either an already established connection to a running X server (and
normally running X servers are only accepting authenticated
connections), or a shell access with a valid user on the machine where
the vulnerable server is installed.

See also :

http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://www.nessus.org/u?9361e423

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 33187 (freebsd_pkg_800e8bd53acb11dd8842001302a18722.nasl)

Bugtraq ID:

CVE ID: CVE-2008-1377
CVE-2008-1379
CVE-2008-2360
CVE-2008-2361
CVE-2008-2362

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now