Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:160 (xorg-x11)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57321

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:160 (xorg-x11)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to xorg-x11
announced via advisory MDKSA-2006:160.

X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload,
xtrans, and xterm, does not check the return values for setuid and
seteuid calls when attempting to drop privileges, which might allow
local users to gain privileges by causing those calls to fail, such as
by exceeding a ulimit.

In practice, it is unlikely that these programs have any real-world
vulnerability. The X binary is the only one shipped suid. Further
analysis of the code in question shows that it's highly unlikely that
this can be exploited. Patched updates are provided as a precaution
nonetheless.

Updated packages are patched to address this issue.

Affected: 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:160

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-4447
BugTraq ID: 19742
http://www.securityfocus.com/bid/19742
BugTraq ID: 23697
http://www.securityfocus.com/bid/23697
CERT/CC vulnerability note: VU#300368
http://www.kb.cert.org/vuls/id/300368
Debian Security Information: DSA-1193 (Google Search)
http://www.debian.org/security/2006/dsa-1193
http://security.gentoo.org/glsa/glsa-200608-25.xml
http://security.gentoo.org/glsa/glsa-200704-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:160
http://mail.gnome.org/archives/beast/2006-December/msg00025.html
http://lists.freedesktop.org/archives/xorg/2006-June/016146.html
http://secunia.com/advisories/21650
http://secunia.com/advisories/21660
http://secunia.com/advisories/21693
http://secunia.com/advisories/22332
http://secunia.com/advisories/25032
http://secunia.com/advisories/25059
http://www.vupen.com/english/advisories/2006/3409
http://www.vupen.com/english/advisories/2007/0409

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57321
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:160 (xorg-x11)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to xorg-x11 announced via advisory MDKSA-2006:160. X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. In practice, it is unlikely that these programs have any real-world vulnerability. The X binary is the only one shipped suid. Further analysis of the code in question shows that it's highly unlikely that this can be exploited. Patched updates are provided as a precaution nonetheless. Updated packages are patched to address this issue. Affected: 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:160 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-4447 BugTraq ID: 19742 http://www.securityfocus.com/bid/19742 BugTraq ID: 23697 http://www.securityfocus.com/bid/23697 CERT/CC vulnerability note: VU#300368 http://www.kb.cert.org/vuls/id/300368 Debian Security Information: DSA-1193 (Google Search) http://www.debian.org/security/2006/dsa-1193 http://security.gentoo.org/glsa/glsa-200608-25.xml http://security.gentoo.org/glsa/glsa-200704-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:160 http://mail.gnome.org/archives/beast/2006-December/msg00025.html http://lists.freedesktop.org/archives/xorg/2006-June/016146.html http://secunia.com/advisories/21650 http://secunia.com/advisories/21660 http://secunia.com/advisories/21693 http://secunia.com/advisories/22332 http://secunia.com/advisories/25032 http://secunia.com/advisories/25059 http://www.vupen.com/english/advisories/2006/3409 http://www.vupen.com/english/advisories/2007/0409
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com