Test ID:	1.3.6.1.4.1.25623.1.0.50651
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:012 (XFree86)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to XFree86 announced via advisory MDKSA-2004:012. Two buffer overflow vulnerabilities were found by iDEFENSE in XFree86's parsing of the font.alias file. The X server, which runs as root, fails to check the length of user-provided input as a result a malicious user could craft a malformed font.alias file causing a buffer overflow upon parsing, which could eventually lead to the execution of arbitrary code. Additional vulnerabilities were found by David Dawes, also in the reading of font files. The updated packages have a patch from David Dawes to correct these vulnerabilities. Affected versions: 9.0, 9.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0083 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0084 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0106 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0083 BugTraq ID: 9636 http://www.securityfocus.com/bid/9636 Bugtraq: 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow (Google Search) http://marc.info/?l=bugtraq&m=107644835523678&w=2 Bugtraq: 20040211 XFree86 vulnerability exploit (Google Search) http://marc.info/?l=bugtraq&m=107653324115914&w=2 CERT/CC vulnerability note: VU#820006 http://www.kb.cert.org/vuls/id/820006 Conectiva Linux advisory: CLA-2004:821 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821 Debian Security Information: DSA-443 (Google Search) http://www.debian.org/security/2004/dsa-443 http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200402-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:012 http://www.idefense.com/application/poi/display?id=72 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9612 http://www.redhat.com/support/errata/RHSA-2004-059.html http://www.redhat.com/support/errata/RHSA-2004-060.html http://www.redhat.com/support/errata/RHSA-2004-061.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1 SuSE Security Announcement: SuSE-SA:2004:006 (Google Search) http://www.novell.com/linux/security/advisories/2004_06_xf86.html XForce ISS Database: xfree86-fontalias-bo(15130) https://exchange.xforce.ibmcloud.com/vulnerabilities/15130 Common Vulnerability Exposure (CVE) ID: CVE-2004-0084 BugTraq ID: 9652 http://www.securityfocus.com/bid/9652 Bugtraq: 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II (Google Search) http://marc.info/?l=bugtraq&m=107662833512775&w=2 CERT/CC vulnerability note: VU#667502 http://www.kb.cert.org/vuls/id/667502 http://www.idefense.com/application/poi/display?id=73 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831 XForce ISS Database: xfree86-copyisolatin1lLowered-bo(15200) https://exchange.xforce.ibmcloud.com/vulnerabilities/15200 Common Vulnerability Exposure (CVE) ID: CVE-2004-0106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832 XForce ISS Database: xfree86-multiple-font-improper-handling(15206) https://exchange.xforce.ibmcloud.com/vulnerabilities/15206
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.