News
Vigil@nce - X.Org: multiple vulnerabilities of libraries
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of libraries of X.Org.
– Impacted products: Debian, Fedora, openSUSE, RHEL, Unix (platform)
– Severity: 2/4
– Creation date: 23/05/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in X.Org.
An attacker can generate an integer overflow in libX11, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60120, CVE-2013-1981]
An attacker can generate an integer overflow in libXext, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60126, CVE-2013-1982]
An attacker can generate an integer overflow in libXfixes, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60125, CVE-2013-1983]
An attacker can generate an integer overflow in libXi, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60123, CVE-2013-1984]
An attacker can generate an integer overflow in libXinerama, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60128, CVE-2013-1985]
An attacker can generate an integer overflow in libXp, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60131, CVE-2013-2062]
An attacker can generate an integer overflow in libXrandr, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60129, CVE-2013-1986]
An attacker can generate an integer overflow in libXrender, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60132, CVE-2013-1987]
An attacker can generate an integer overflow in libXRes, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60134, CVE-2013-1988]
An attacker can generate an integer overflow in libXtst, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60141, CVE-2013-2063]
An attacker can generate an integer overflow in libXv, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60135, CVE-2013-1989]
An attacker can generate an integer overflow in libXvMC, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60136, CVE-2013-1990]
An attacker can generate an integer overflow in libXxf86dga, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60138, CVE-2013-1991]
An attacker can generate an integer overflow in libdmx, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60142, CVE-2013-1992]
An attacker can generate an integer overflow in libxcb, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60148, CVE-2013-2064]
An attacker can generate an integer overflow in libGLX, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60149, CVE-2013-1993]
An attacker can generate an integer overflow in libchromeXvMC, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; CVE-2013-1994]
An attacker can generate a memory corruption in libXi, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60124, CVE-2013-1995]
An attacker can generate a memory corruption in libFS, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60130, CVE-2013-1996]
An attacker can generate a buffer overflow in libX11, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60122, CVE-2013-1997]
An attacker can generate a buffer overflow in libXi, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60127, CVE-2013-1998]
An attacker can generate a buffer overflow in libXv, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60143, CVE-2013-2066]
An attacker can generate a buffer overflow in libXvMC, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60144, CVE-2013-1999]
An attacker can generate a buffer overflow in libXxf86dga, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60139, CVE-2013-2000]
An attacker can generate a buffer overflow in libXxf86vm, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60145, CVE-2013-2001]
An attacker can generate a buffer overflow in libXt, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60137, CVE-2013-2002]
An attacker can generate an integer overflow in libX11, in order
to trigger a denial of service, and possibly to execute code.
[severity:2/4; CVE-2013-1981]
An attacker can generate an integer overflow in libXcursor, in
order to trigger a denial of service, and possibly to execute
code. [severity:2/4; BID-60121, CVE-2013-2003]
An attacker can trigger a denial of service in libX11.
[severity:2/4; BID-60146, CVE-2013-2004]
An attacker can generate a memory corruption in libXt, in order to
trigger a denial of service, and possibly to execute code.
[severity:2/4; BID-60133, CVE-2013-2005]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/X-Org-multiple-vulnerabilities-of-libraries-12858
