Mandriva Linux Security Advisory : x11-server-xgl (MDVSA-2008:025)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

An input validation flaw was found in the X.org server's XFree86-Misc
extension that could allow a malicious authorized client to cause a
denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-5760).

A flaw was found in the X.org server's XC-SECURITY extension that
could allow a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user
(CVE-2007-5958).

A memory corruption flaw was found in the X.org server's XInput
extension that could allow a malicious authorized client to cause a
denial of service (crash) or potentially execute arbitrary code with
root privileges on the X.org server (CVE-2007-6427).

An information disclosure flaw was found in the X.org server's TOG-CUP
extension that could allow a malicious authorized client to cause a
denial of service (crash) or potentially view arbitrary memory content
within the X.org server's address space (CVE-2007-6428).

Two integer overflow flaws were found in the X.org server's EVI and
MIT-SHM modules that could allow a malicious authorized client to
cause a denial of service (crash) or potentially execute arbitrary
code with the privileges of the X.org server (CVE-2007-6429).

The updated packages have been patched to correct these issues.

Solution :

Update the affected x11-server-xgl package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 37710 (mandriva_MDVSA-2008-025.nasl)

Bugtraq ID: 27350, 27351, 27353, 27354, 27355, 27356

CVE ID: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
