FreeBSD : xorg -- multiple vulnerabilities (800e8bd5-3acb-11dd-8842-001302a18722)

Critical Nessus Plugin ID 33187


The remote FreeBSD host is missing a security-related update.


Matthieu Herrb of X.Org reports :

Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitrary machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Update the affected package.

See Also

Plugin Details

Severity: Critical

ID: 33187

File Name: freebsd_pkg_800e8bd53acb11dd8842001302a18722.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2008/06/16

Modified: 2014/04/15

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xorg-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/06/15

Vulnerability Publication Date: 2008/06/11

Reference Information

CVE: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362

Secunia: 30627

CWE: 189