OracleVM 3.3 : libXfont (OVMSA-2014-0080)

high Nessus Plugin ID 79557

Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing the patches needed to address critical security updates:

- CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601)

- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601)

- CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601)

- CVE-2013-6462.patch: sscanf overflow (bug 1049684)

- sscanf-hardening.patch: some other sscanf hardening fixes (bug 1049684)

Solution

Update the affected libXfont package.

See Also

http://www.nessus.org/u?cfbd88e1

Plugin Details

Severity: High

ID: 79557

File Name: oraclevm_OVMSA-2014-0080.nasl

Version: 1.7

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:libxfont, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/24/2014

Vulnerability Publication Date: 1/9/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-6462, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

BID: 64694, 67382