
Vulnerability Bulletins


Buffer overflow in xorg-x11

Vulnerability classification

Property                 Value
Confidence level         Official
Impact                   Privilege escalation
Difficulty               Expert
Required attacker level  Remote access with account

System information

Property               Value
Affected manufacturer  GNU/Linux
Affected software      xorg-server 1.0.x
                       X11R 6.8.x
                       X11R 6.9.0
                       X11R 7.0

Description

A buffer overflow vulnerability has been discovered in xorg-x11. The flaw is that the X Render extension does not correctly calculate the size of a buffer.

An authenticated remote attacker could cause a denial of service and execute arbitrary code.

Solution



Software update

OpenBSD
OpenBSD 3.7
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/013_xorg.patch
OpenBSD 3.8
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/007_xorg.patch
OpenBSD 3.9
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch

Suse Linux
Updates can be downloaded via YAST or from the official Suse Linux FTP server

Mandriva

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libxorg-x11-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libxorg-x11-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libxorg-x11-static-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/X11R6-contrib-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-100dpi-fonts-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-75dpi-fonts-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-cyrillic-fonts-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-doc-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-glide-module-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-server-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-xauth-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xdmx-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-xfs-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xnest-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xprt-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/xorg-x11-Xvfb-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/xorg-x11-6.8.2-7.3.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64xorg-x11-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64xorg-x11-devel-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64xorg-x11-static-devel-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libxorg-x11-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libxorg-x11-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/libxorg-x11-static-devel-6.8.2-7.3.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/X11R6-contrib-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-100dpi-fonts-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-75dpi-fonts-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-cyrillic-fonts-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-doc-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-server-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-xauth-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xdmx-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-xfs-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xnest-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xprt-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/xorg-x11-Xvfb-6.8.2-7.3.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/xorg-x11-6.8.2-7.3.102mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm

Red Hat
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Sun
Solaris 10 / x86 / 118966-20
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Standard resources

Property  Value
CVE       CVE-2006-1526
BID

Other resources

OpenBSD Security Advisory May 3, 2006
http://www.openbsd.org/security.html

SUSE Security Advisory (SUSE-SA:2006:023)
http://www.novell.com/linux/security/advisories/2006_05_03.html

Mandriva Security Advisory (MDKSA-2006:081)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:081

Mandriva Security Advisory (MDKSA-2006:081-1)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:081-1

Red Hat Security Advisory (RHSA-2006:0451-9)
https://rhn.redhat.com/errata/RHSA-2006-0451.html

Sun Alert Notification (102339)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102339-1

Version history

Version  Comments  Date
1.0  Advisory issued  2006-05-03
1.1  Advisory issued by Suse (SUSE-SA:2006:023). Advisory issued by Mandriva (MDKSA-2006:081). Advisory issued by Red Hat (RHSA-2006:0451-9)  2006-05-04
1.2  Advisory updated by Mandriva (MDKSA-2006:081-1). Advisory issued by Sun (102339)  2006-05-05
1.3  Advisory updated by Sun (102339)  2006-05-19
Ministerio de Defensa
CNI
CCN
CCN-CERT