Mandrake Linux Security Advisory : xfs (MDKSA-2007:210)

high Nessus Plugin ID 27817
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. (CVE-2007-4568)

The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption. (CVE-2007-4990)

Updated package fixes these issues.

Solution

Update the affected xfs package.

Plugin Details

Severity: High

ID: 27817

File Name: mandrake_MDKSA-2007-210.nasl

Version: 1.19

Type: local

Published: 11/7/2007

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xfs, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/6/2007

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2007-4568, CVE-2007-4990

MDKSA: 2007:210

CWE: 119, 189