SUSE-SA:2004:041: xshared, XFree86-libs, xorg-x11-libs

Critical Nessus Plugin ID 15755


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:041 (xshared, XFree86-libs, xorg-x11-libs).

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files.
A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs.
The bug types are:
- integer overflows
- out-of-bounds memory access
- shell command execution
- path traversal
- endless loops By providing a special image these bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges.


Plugin Details

Severity: Critical

ID: 15755

File Name: suse_SA_2004_041.nasl

Version: $Revision: 1.9 $

Agent: unix

Published: 2004/11/18

Modified: 2010/10/06

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-0914

BID: 11694