Ubuntu 5.04 / 5.10 : xorg vulnerability (USN-280-1)

low Nessus Plugin ID 21374

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

Plugin Details

Severity: Low

ID: 21374

File Name: ubuntu_USN-280-1.nasl

Version: 1.14

Type: local

Agent: unix

Published: 5/13/2006

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:lbxproxy, p-cpe:/a:canonical:ubuntu_linux:libdmx-dev, p-cpe:/a:canonical:ubuntu_linux:libdmx1, p-cpe:/a:canonical:ubuntu_linux:libdmx1-dbg, p-cpe:/a:canonical:ubuntu_linux:libdps-dev, p-cpe:/a:canonical:ubuntu_linux:libdps1, p-cpe:/a:canonical:ubuntu_linux:libdps1-dbg, p-cpe:/a:canonical:ubuntu_linux:libfs-dev, p-cpe:/a:canonical:ubuntu_linux:libfs6, p-cpe:/a:canonical:ubuntu_linux:libfs6-dbg, p-cpe:/a:canonical:ubuntu_linux:libice-dev, p-cpe:/a:canonical:ubuntu_linux:libice6, p-cpe:/a:canonical:ubuntu_linux:libice6-dbg, p-cpe:/a:canonical:ubuntu_linux:libsm-dev, p-cpe:/a:canonical:ubuntu_linux:libsm6, p-cpe:/a:canonical:ubuntu_linux:libsm6-dbg, p-cpe:/a:canonical:ubuntu_linux:libx11-6, p-cpe:/a:canonical:ubuntu_linux:libx11-6-dbg, p-cpe:/a:canonical:ubuntu_linux:libx11-dev, p-cpe:/a:canonical:ubuntu_linux:libxau-dev, p-cpe:/a:canonical:ubuntu_linux:libxau6, p-cpe:/a:canonical:ubuntu_linux:libxau6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxaw6, p-cpe:/a:canonical:ubuntu_linux:libxaw6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxaw6-dev, p-cpe:/a:canonical:ubuntu_linux:libxaw7, p-cpe:/a:canonical:ubuntu_linux:libxaw7-dbg, p-cpe:/a:canonical:ubuntu_linux:libxaw7-dev, p-cpe:/a:canonical:ubuntu_linux:libxaw8, p-cpe:/a:canonical:ubuntu_linux:libxaw8-dbg, p-cpe:/a:canonical:ubuntu_linux:libxaw8-dev, p-cpe:/a:canonical:ubuntu_linux:libxcomposite-dev, p-cpe:/a:canonical:ubuntu_linux:libxcomposite1, p-cpe:/a:canonical:ubuntu_linux:libxcomposite1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxdamage-dev, p-cpe:/a:canonical:ubuntu_linux:libxdamage1, p-cpe:/a:canonical:ubuntu_linux:libxdamage1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxdmcp-dev, p-cpe:/a:canonical:ubuntu_linux:libxdmcp6, p-cpe:/a:canonical:ubuntu_linux:libxdmcp6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxevie-dev, p-cpe:/a:canonical:ubuntu_linux:libxevie1, p-cpe:/a:canonical:ubuntu_linux:libxevie1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxext-dev, p-cpe:/a:canonical:ubuntu_linux:libxext6, p-cpe:/a:canonical:ubuntu_linux:libxext6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxfixes-dev, p-cpe:/a:canonical:ubuntu_linux:libxfixes3, p-cpe:/a:canonical:ubuntu_linux:libxfixes3-dbg, p-cpe:/a:canonical:ubuntu_linux:libxi-dev, p-cpe:/a:canonical:ubuntu_linux:libxi6, p-cpe:/a:canonical:ubuntu_linux:libxi6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxinerama-dev, p-cpe:/a:canonical:ubuntu_linux:libxinerama1, p-cpe:/a:canonical:ubuntu_linux:libxinerama1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxkbfile-dev, p-cpe:/a:canonical:ubuntu_linux:libxkbfile1, p-cpe:/a:canonical:ubuntu_linux:libxkbfile1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxkbui-dev, p-cpe:/a:canonical:ubuntu_linux:libxkbui1, p-cpe:/a:canonical:ubuntu_linux:libxkbui1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxmu-dev, p-cpe:/a:canonical:ubuntu_linux:libxmu6, p-cpe:/a:canonical:ubuntu_linux:libxmu6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxmuu-dev, p-cpe:/a:canonical:ubuntu_linux:libxmuu1, p-cpe:/a:canonical:ubuntu_linux:libxmuu1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxp-dev, p-cpe:/a:canonical:ubuntu_linux:libxp6, p-cpe:/a:canonical:ubuntu_linux:libxp6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxpm-dev, p-cpe:/a:canonical:ubuntu_linux:libxpm4, p-cpe:/a:canonical:ubuntu_linux:libxpm4-dbg, p-cpe:/a:canonical:ubuntu_linux:libxrandr-dev, p-cpe:/a:canonical:ubuntu_linux:libxrandr2, p-cpe:/a:canonical:ubuntu_linux:libxrandr2-dbg, p-cpe:/a:canonical:ubuntu_linux:libxres-dev, p-cpe:/a:canonical:ubuntu_linux:libxres1, p-cpe:/a:canonical:ubuntu_linux:libxres1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxss-dev, p-cpe:/a:canonical:ubuntu_linux:libxss1, p-cpe:/a:canonical:ubuntu_linux:libxss1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxt-dev, p-cpe:/a:canonical:ubuntu_linux:libxt6, p-cpe:/a:canonical:ubuntu_linux:libxt6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxtrap-dev, p-cpe:/a:canonical:ubuntu_linux:libxtrap6, p-cpe:/a:canonical:ubuntu_linux:libxtrap6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxtst-dev, p-cpe:/a:canonical:ubuntu_linux:libxtst6, p-cpe:/a:canonical:ubuntu_linux:libxtst6-dbg, p-cpe:/a:canonical:ubuntu_linux:libxv-dev, p-cpe:/a:canonical:ubuntu_linux:libxv1, p-cpe:/a:canonical:ubuntu_linux:libxv1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxvmc-dev, p-cpe:/a:canonical:ubuntu_linux:libxvmc1, p-cpe:/a:canonical:ubuntu_linux:libxvmc1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxxf86dga-dev, p-cpe:/a:canonical:ubuntu_linux:libxxf86dga1, p-cpe:/a:canonical:ubuntu_linux:libxxf86dga1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxxf86misc-dev, p-cpe:/a:canonical:ubuntu_linux:libxxf86misc1, p-cpe:/a:canonical:ubuntu_linux:libxxf86misc1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxxf86rush-dev, p-cpe:/a:canonical:ubuntu_linux:libxxf86rush1, p-cpe:/a:canonical:ubuntu_linux:libxxf86rush1-dbg, p-cpe:/a:canonical:ubuntu_linux:libxxf86vm-dev, p-cpe:/a:canonical:ubuntu_linux:libxxf86vm1, p-cpe:/a:canonical:ubuntu_linux:libxxf86vm1-dbg, p-cpe:/a:canonical:ubuntu_linux:pm-dev, p-cpe:/a:canonical:ubuntu_linux:proxymngr, p-cpe:/a:canonical:ubuntu_linux:twm, p-cpe:/a:canonical:ubuntu_linux:x-dev, p-cpe:/a:canonical:ubuntu_linux:x-window-system, p-cpe:/a:canonical:ubuntu_linux:x-window-system-core, p-cpe:/a:canonical:ubuntu_linux:x-window-system-dev, p-cpe:/a:canonical:ubuntu_linux:xbase-clients, p-cpe:/a:canonical:ubuntu_linux:xdm, p-cpe:/a:canonical:ubuntu_linux:xdmx, p-cpe:/a:canonical:ubuntu_linux:xfonts-100dpi, p-cpe:/a:canonical:ubuntu_linux:xfonts-100dpi-transcoded, p-cpe:/a:canonical:ubuntu_linux:xfonts-75dpi, p-cpe:/a:canonical:ubuntu_linux:xfonts-75dpi-transcoded, p-cpe:/a:canonical:ubuntu_linux:xfonts-base, p-cpe:/a:canonical:ubuntu_linux:xfonts-base-transcoded, p-cpe:/a:canonical:ubuntu_linux:xfonts-cyrillic, p-cpe:/a:canonical:ubuntu_linux:xfonts-scalable, p-cpe:/a:canonical:ubuntu_linux:xfree86-common, p-cpe:/a:canonical:ubuntu_linux:xfs, p-cpe:/a:canonical:ubuntu_linux:xfwp, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-dev, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-dri, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-dri-dbg, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-gl, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-gl-dbg, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-gl-dev, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-glu, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-glu-dbg, p-cpe:/a:canonical:ubuntu_linux:xlibmesa-glu-dev, p-cpe:/a:canonical:ubuntu_linux:xlibmesa3, p-cpe:/a:canonical:ubuntu_linux:xlibmesa3-dbg, p-cpe:/a:canonical:ubuntu_linux:xlibosmesa-dev, p-cpe:/a:canonical:ubuntu_linux:xlibosmesa4, p-cpe:/a:canonical:ubuntu_linux:xlibosmesa4-dbg, p-cpe:/a:canonical:ubuntu_linux:xlibs, p-cpe:/a:canonical:ubuntu_linux:xlibs-data, p-cpe:/a:canonical:ubuntu_linux:xlibs-dbg, p-cpe:/a:canonical:ubuntu_linux:xlibs-dev, p-cpe:/a:canonical:ubuntu_linux:xlibs-pic, p-cpe:/a:canonical:ubuntu_linux:xlibs-static-dev, p-cpe:/a:canonical:ubuntu_linux:xlibs-static-pic, p-cpe:/a:canonical:ubuntu_linux:xmh, p-cpe:/a:canonical:ubuntu_linux:xnest, p-cpe:/a:canonical:ubuntu_linux:xorg-common, p-cpe:/a:canonical:ubuntu_linux:xprt, p-cpe:/a:canonical:ubuntu_linux:xserver-common, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-core, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-dbg, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-apm, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-ark, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-ati, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-chips, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-cirrus, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-cyrix, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-dummy, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-fbdev, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-glide, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-glint, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-i128, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-i740, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-i810, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-imstt, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-mga, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-neomagic, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-newport, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-nsc, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-nv, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-rendition, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-s3, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-s3virge, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-savage, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-siliconmotion, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-sis, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-tdfx, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-tga, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-trident, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-tseng, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-v4l, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-vesa, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-vga, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-via, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-driver-vmware, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-acecad, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-aiptek, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-calcomp, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-citron, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-digitaledge, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-dmc, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-dynapro, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-elographics, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-fpit, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-hyperpen, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-kbd, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-magellan, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-microtouch, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-mouse, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-mutouch, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-palmax, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-penmount, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-spaceorb, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-summa, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-tek4957, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-void, p-cpe:/a:canonical:ubuntu_linux:xserver-xorg-input-wacom, p-cpe:/a:canonical:ubuntu_linux:xspecs, p-cpe:/a:canonical:ubuntu_linux:xterm, p-cpe:/a:canonical:ubuntu_linux:xutils, p-cpe:/a:canonical:ubuntu_linux:xvfb, cpe:/o:canonical:ubuntu_linux:5.04, cpe:/o:canonical:ubuntu_linux:5.10

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Patch Publication Date: 5/4/2006

Vulnerability Publication Date: 5/2/2006

Reference Information

CVE: CVE-2006-1526

USN: 280-1