Vulnerability Bulletins |
Buffer overflow in xorg-x11 |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Expert |
Attacker requirements | Remote access with an account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software |
xorg-server 1.0.x X11R 6.8.x X11R 6.9.0 X11R 7.0 |
Description |
|
A buffer overflow vulnerability has been discovered in xorg-x11. The vulnerability arises because the X Render extension miscalculates the size of a buffer. A remote authenticated attacker could cause a denial of service and execute arbitrary code. |
|
Solution |
|
Software update

OpenBSD
OpenBSD 3.7
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/013_xorg.patch
OpenBSD 3.8
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/007_xorg.patch
OpenBSD 3.9
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch

Suse Linux
Updates can be downloaded via YaST or from the official Suse Linux FTP server.

Mandriva
Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libxorg-x11-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libxorg-x11-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libxorg-x11-static-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/X11R6-contrib-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-100dpi-fonts-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-75dpi-fonts-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-cyrillic-fonts-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-doc-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-glide-module-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-server-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-xauth-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xdmx-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-xfs-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xnest-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xprt-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xvfb-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/xorg-x11-6.8.2-7.3.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64xorg-x11-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64xorg-x11-devel-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64xorg-x11-static-devel-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libxorg-x11-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libxorg-x11-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libxorg-x11-static-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/X11R6-contrib-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-100dpi-fonts-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-75dpi-fonts-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-cyrillic-fonts-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-doc-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-server-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-xauth-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xdmx-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-xfs-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xnest-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xprt-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xvfb-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/xorg-x11-6.8.2-7.3.102mdk.src.rpm
Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm

Red Hat
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Sun
Solaris 10 / x86 / 118966-20
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2006-1526 |
BID | |
Additional resources |
|
OpenBSD Security Advisory May 3, 2006
http://www.openbsd.org/security.html
SUSE Security Advisory (SUSE-SA:2006:023)
http://www.novell.com/linux/security/advisories/2006_05_03.html
Mandriva Security Advisory (MDKSA-2006:081)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:081
Mandriva Security Advisory (MDKSA-2006:081-1)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:081-1
Red Hat Security Advisory (RHSA-2006:0451-9)
https://rhn.redhat.com/errata/RHSA-2006-0451.html
Sun Alert Notification (102339)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2006-05-03 |
1.1 | Advisory issued by Suse (SUSE-SA:2006:023). Advisory issued by Mandriva (MDKSA-2006:081). Advisory issued by Red Hat (RHSA-2006:0451-9) | 2006-05-04 |
1.2 | Advisory updated by Mandriva (MDKSA-2006:081-1). Advisory issued by Sun (102339) | 2006-05-05 |
1.3 | Advisory updated by Sun (102339) | 2006-05-19 |