SuSE Update For XFree86, Xorg SUSE-SA:2007:027 Network Vulnerability

Impact

local privilege escalation

Solution

Please Install the Updated Packages.

Insight

Several X security problems were fixed that could be used by local attackers to crash the X server or potentially to execute code as root user. - CVE-2007-1003: Integer overflows in the XC-MISC extension of the X-server could potentially be exploited to execute code with root privileges. - CVE-2007-1667: Integer overflows in libX11 could cause crashes. - CVE-2007-1351: Integer overflows in the font handling of the X-server could potentially be exploited to execute code with root privileges.

Affected

XFree86, Xorg on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLED 10, SUSE SLES 10

References

http://www.novell.com/linux/security/advisories/2007_27_x.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for XFree86, Xorg SUSE-SA:2007:027

Take action and discover your vulnerabilities