Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:056)

high Nessus Plugin ID 21114

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files.

Updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 21114

File Name: mandrake_MDKSA-2006-056.nasl

Version: 1.16

Type: local

Published: 3/21/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:x11r6-contrib, p-cpe:/a:mandriva:linux:lib64xorg-x11, p-cpe:/a:mandriva:linux:lib64xorg-x11-devel, p-cpe:/a:mandriva:linux:lib64xorg-x11-static-devel, p-cpe:/a:mandriva:linux:libxorg-x11, p-cpe:/a:mandriva:linux:libxorg-x11-devel, p-cpe:/a:mandriva:linux:libxorg-x11-static-devel, p-cpe:/a:mandriva:linux:xorg-x11, p-cpe:/a:mandriva:linux:xorg-x11-100dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-75dpi-fonts, p-cpe:/a:mandriva:linux:xorg-x11-xdmx, p-cpe:/a:mandriva:linux:xorg-x11-xnest, p-cpe:/a:mandriva:linux:xorg-x11-xprt, p-cpe:/a:mandriva:linux:xorg-x11-xvfb, p-cpe:/a:mandriva:linux:xorg-x11-cyrillic-fonts, p-cpe:/a:mandriva:linux:xorg-x11-doc, p-cpe:/a:mandriva:linux:xorg-x11-glide-module, p-cpe:/a:mandriva:linux:xorg-x11-server, p-cpe:/a:mandriva:linux:xorg-x11-xauth, p-cpe:/a:mandriva:linux:xorg-x11-xfs, cpe:/o:mandriva:linux:2006

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/20/2006

Reference Information

CVE: CVE-2006-0745

MDKSA: 2006:056