FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351541
Date:      2014-04-18
Time:      14:56:43Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a863aa74-24be-11da-8882-000e0c33c2dcX11 server -- pixmap allocation vulnerability

Allocating large pixmaps by a client can trigger an integer overflow in the X server, potentially leading to execution of arbitrary code with elevated (root) privileges.


Discovery 2005-09-12
Entry 2005-09-15
XFree86-Server
lt 4.5.0_2

xorg-server
lt 6.8.2_5

gt 6.8.99 lt 6.8.99.12_1

14807
102441
CVE-2005-2495
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166856
https://bugs.freedesktop.org/show_bug.cgi?id=594
800e8bd5-3acb-11dd-8842-001302a18722xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Discovery 2008-06-11
Entry 2008-06-15
xorg-server
lt 1.4.2,1

CVE-2008-1377
CVE-2008-1379
CVE-2008-2360
CVE-2008-2361
CVE-2008-2362
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://secunia.com/advisories/30627/
800e8bd5-3acb-11dd-8842-001302a18722xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited successfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Discovery 2008-06-11
Entry 2008-06-15
xorg-server
lt 1.4.2,1

CVE-2008-1377
CVE-2008-1379
CVE-2008-2360
CVE-2008-2361
CVE-2008-2362
http://lists.freedesktop.org/archives/xorg/2008-June/036026.html
http://secunia.com/advisories/30627/
fe2b6597-c9a4-11dc-8da8-0008a18a9961xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Discovery 2008-01-18
Entry 2008-01-23
xorg-server
lt 1.4_4,1

libXfont
lt 1.3.1_2,1

CVE-2007-5760
CVE-2007-5958
CVE-2007-6427
CVE-2007-6428
CVE-2007-6429
CVE-2008-0006
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
http://lists.freedesktop.org/archives/xorg/2008-January/032099.html
http://secunia.com/advisories/28532/
a863aa74-24be-11da-8882-000e0c33c2dcX11 server -- pixmap allocation vulnerability

Allocating large pixmaps by a client can trigger an integer overflow in the X server, potentially leading to execution of arbitrary code with elevated (root) privileges.


Discovery 2005-09-12
Entry 2005-09-15
XFree86-Server
lt 4.5.0_2

xorg-server
lt 6.8.2_5

gt 6.8.99 lt 6.8.99.12_1

14807
102441
CVE-2005-2495
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166856
https://bugs.freedesktop.org/show_bug.cgi?id=594
fe2b6597-c9a4-11dc-8da8-0008a18a9961xorg -- multiple vulnerabilities

Matthieu Herrb of X.Org reports:

Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows.

Exploiting these overflows will crash the X server or, under certain circumstances allow the execution of arbitray machine code.

When the X server is running with root privileges (which is the case for the Xorg server and for most kdrive based servers), these vulnerabilities can thus also be used to raise privileges.

All these vulnerabilities, to be exploited succesfully, require either an already established connection to a running X server (and normally running X servers are only accepting authenticated connections), or a shell access with a valid user on the machine where the vulnerable server is installed.


Discovery 2008-01-18
Entry 2008-01-23
xorg-server
lt 1.4_4,1

libXfont
lt 1.3.1_2,1

CVE-2007-5760
CVE-2007-5958
CVE-2007-6427
CVE-2007-6428
CVE-2007-6429
CVE-2008-0006
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
http://lists.freedesktop.org/archives/xorg/2008-January/032099.html
http://secunia.com/advisories/28532/