Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2)

high Nessus Plugin ID 30042

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

We apologize for the inconvenience.

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429)

It was discovered that the X.org server did not use user privileges when attempting to open security policy files.
Local attackers could exploit this to probe for files in directories they would not normally be able to access.
(CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://usn.ubuntu.com/571-2/

Plugin Details

Severity: High

ID: 30042

File Name: ubuntu_USN-571-2.nasl

Version: 1.16

Type: local

Agent: unix

Published: 1/21/2008

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:xdmx, p-cpe:/a:canonical:ubuntu_linux:xdmx-tools, p-cpe:/a:canonical:ubuntu_linux:xnest, p-cpe:/a:canonical:ubuntu_linux:xprint, p-cpe:/a:canonical:ubuntu_linux:xprint-common, p-cpe:/a:canonical:ubuntu_linux:xserver-xephyr, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core-dbg, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dev, p-cpe:/a:canonical:ubuntu_linux:xvfb, cpe:/o:canonical:ubuntu_linux:6.06:-:lts, cpe:/o:canonical:ubuntu_linux:6.10, cpe:/o:canonical:ubuntu_linux:7.04, cpe:/o:canonical:ubuntu_linux:7.10

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/18/2008

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006

CWE: 119, 189, 200, 362, 399

USN: 571-2