Summary
Detail | |||
---|---|---|---|
Vendor | xfree86 Project | First view | 2001-09-22 |
Product | X11R6 | Last view | 2005-03-02 |
Version | 4.0.1 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:xfree86_project:x11r6 |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2005-03-02 | CVE-2005-0605 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
10 | 2005-01-10 | CVE-2004-0914 | Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. |
7.5 | 2004-10-20 | CVE-2004-0688 | Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file. |
7.5 | 2004-10-20 | CVE-2004-0687 | Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. |
2.1 | 2003-03-03 | CVE-2003-0071 | The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop. |
7.5 | 2003-03-03 | CVE-2003-0063 | The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
7.2 | 2001-09-22 | CVE-2001-0955 | Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-81 | Web Logs Tampering |
CAPEC-93 | Log Injection-Tampering-Forging |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
60459 | XFree xterm DEC UDK Processing Feature Window Title Escape Sequence DoS |
60279 | XFree86 xterm Window Title Escape Sequence Arbitrary Command Execution |
14373 | libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow |
14000 | XFree86 fbglyph.c Remote Overflow |
13999 | XFree86 xterm -title Parameter Overflow |
11991 | X11 libXpm Multiple Unspecified Loops / Leaks DoS |
11990 | X11 libXpm Unspecified Path Traversal |
11989 | X11 libXpm Unspecified Out-of-bounds Memory DoS |
11988 | X11 libXpm Unspecified Multiple Overflows |
10034 | libXpm ParseAndPutPixels Function Stack Overflow |
10033 | libXpm ParsePixels Function Integer Overflow |
10032 | libXpm CreateXImage Function Integer Overflow |
10031 | libXpm XpmCreateImageFromXpmImage Function Integer Overflow |
10030 | libXpm xpmParseColors Function Integer Overflow |
10029 | libXpm xpmParseColors Function XPMv2/3 Parsing Stack Overflow |
10028 | libXpm xpmParseColors Function XPMv1 Parsing Stack Overflow |
10027 | libXpm ParsePixels Function Stack Overflow |
10026 | libXpm ParseAndPutPixels Function Integer Overflow |
OpenVAS Exploits
id | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-02-03 | Name : Solaris Update for Runtime library for Solaris 10 119281-22 File : nvt/gb_solaris_119281_22.nasl |
2010-02-03 | Name : Solaris Update for CDE 1.6 119280-22 File : nvt/gb_solaris_119280_22.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for openmotif File : nvt/sles9p5020391.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86-libs File : nvt/sles9p5016773.nasl |
2009-10-10 | Name : SLES9: Security update for OpenMotif File : nvt/sles9p5014940.nasl |
2009-10-10 | Name : SLES9: Security update for openmotif File : nvt/sles9p5010938.nasl |
2009-01-07 | Name : Fedora Core 9 FEDORA-2009-0059 (xterm) File : nvt/fcore_2009_0059.nasl |
2009-01-07 | Name : FreeBSD Ports: xterm File : nvt/freebsd_xterm.nasl |
2009-01-07 | Name : Fedora Core 8 FEDORA-2009-0154 (xterm) File : nvt/fcore_2009_0154.nasl |
2009-01-07 | Name : Fedora Core 10 FEDORA-2009-0091 (xterm) File : nvt/fcore_2009_0091.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-15 (X.org) File : nvt/glsa_200503_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-34 (X) File : nvt/glsa_200409_34.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-09 (lesstif) File : nvt/glsa_200410_09.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-28 (X.Org, XFree86) File : nvt/glsa_200411_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-06 (lesstif) File : nvt/glsa_200502_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-07 (openmotif) File : nvt/glsa_200502_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-08 (openmotif) File : nvt/glsa_200503_08.nasl |
2008-09-04 | Name : FreeBSD Ports: linux-gdk-pixbuf File : nvt/freebsd_linux-gdk-pixbuf.nasl |
2008-09-04 | Name : FreeBSD Ports: linux_base File : nvt/freebsd_linux_base.nasl |
2008-09-04 | Name : xpm -- image decoding vulnerabilities File : nvt/freebsd_agenda-snow-libs.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 723-1 (xfree86) File : nvt/deb_723_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 607-1 (xfree86) File : nvt/deb_607_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 561-1 (xfree86) File : nvt/deb_561_1.nasl |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2010-03-29 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_10_6_3.nasl - Type: ACT_GATHER_INFO |
2010-03-29 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2010-002.nasl - Type: ACT_GATHER_INFO |
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO |
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9399.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote Fedora host is missing a security update. File: fedora_2009-0091.nasl - Type: ACT_GATHER_INFO |
2009-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2009-0154.nasl - Type: ACT_GATHER_INFO |
2009-01-16 | Name: The remote Fedora host is missing a security update. File: fedora_2009-0059.nasl - Type: ACT_GATHER_INFO |
2006-07-05 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-198.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-331.nasl - Type: ACT_GATHER_INFO |
2006-07-03 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2005-412.nasl - Type: ACT_GATHER_INFO |
2006-06-06 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_33132.nasl - Type: ACT_GATHER_INFO |
2006-06-06 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_33130.nasl - Type: ACT_GATHER_INFO |
2006-06-06 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_33129.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-27-1.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-83-1.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-83-2.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-92-1.nasl - Type: ACT_GATHER_INFO |
2006-01-15 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-97-1.nasl - Type: ACT_GATHER_INFO |
2005-10-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-816.nasl - Type: ACT_GATHER_INFO |
2005-09-17 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-815.nasl - Type: ACT_GATHER_INFO |
2005-09-12 | Name: The remote Fedora Core host is missing a security update. File: fedora_2005-273.nasl - Type: ACT_GATHER_INFO |
2005-08-18 | Name: The remote host is missing a Mac OS X update that fixes various security issues. File: macosx_SecUpd2005-007.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_ef253f8b072711d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2005-07-13 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_bf2e7483d3fa440d8c6e8f1f2f018818.nasl - Type: ACT_GATHER_INFO |