Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.sol:def:4251
[Eng]
Version
3
Class
vulnerability
ALTXid
277303
Language
Russian
Severity
Medium
Title
Уязвимость в Xsun server в Solaris 10 (CVE-2014-8091)
Description
X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
Family
unix
Platform
Oracle Solaris 10
Product
Xsun server
Reference
FSTEC: BDU:2015-09286
FSTEC: BDU:2015-09286
Id:
BDU:2015-09286
Reference:
https://bdu.fstec.ru/vul/2015-09286
FSTEC: BDU:2015-09285
FSTEC: BDU:2015-09285
Id:
BDU:2015-09285
Reference:
https://bdu.fstec.ru/vul/2015-09285
FSTEC: BDU:2015-09284
FSTEC: BDU:2015-09284
Id:
BDU:2015-09284
Reference:
https://bdu.fstec.ru/vul/2015-09284
FSTEC: BDU:2015-09283
FSTEC: BDU:2015-09283
Id:
BDU:2015-09283
Reference:
https://bdu.fstec.ru/vul/2015-09283
FSTEC: BDU:2015-09282
FSTEC: BDU:2015-09282
Id:
BDU:2015-09282
Reference:
https://bdu.fstec.ru/vul/2015-09282
FSTEC: BDU:2015-09281
FSTEC: BDU:2015-09281
Id:
BDU:2015-09281
Reference:
https://bdu.fstec.ru/vul/2015-09281
FSTEC: BDU:2015-09280
FSTEC: BDU:2015-09280
Id:
BDU:2015-09280
Reference:
https://bdu.fstec.ru/vul/2015-09280
FSTEC: BDU:2015-09279
FSTEC: BDU:2015-09279
Id:
BDU:2015-09279
Reference:
https://bdu.fstec.ru/vul/2015-09279
FSTEC: BDU:2015-09278
FSTEC: BDU:2015-09278
Id:
BDU:2015-09278
Reference:
https://bdu.fstec.ru/vul/2015-09278
FSTEC: BDU:2015-09277
FSTEC: BDU:2015-09277
Id:
BDU:2015-09277
Reference:
https://bdu.fstec.ru/vul/2015-09277
FSTEC: BDU:2015-09276
FSTEC: BDU:2015-09276
Id:
BDU:2015-09276
Reference:
https://bdu.fstec.ru/vul/2015-09276
FSTEC: BDU:2015-09275
FSTEC: BDU:2015-09275
Id:
BDU:2015-09275
Reference:
https://bdu.fstec.ru/vul/2015-09275
FSTEC: BDU:2015-06606
FSTEC: BDU:2015-06606
Id:
BDU:2015-06606
Reference:
https://bdu.fstec.ru/vul/2015-06606
FSTEC: BDU:2015-06604
FSTEC: BDU:2015-06604
Id:
BDU:2015-06604
Reference:
https://bdu.fstec.ru/vul/2015-06604
FSTEC: BDU:2015-06601
FSTEC: BDU:2015-06601
Id:
BDU:2015-06601
Reference:
https://bdu.fstec.ru/vul/2015-06601
FSTEC: BDU:2015-06598
FSTEC: BDU:2015-06598
Id:
BDU:2015-06598
Reference:
https://bdu.fstec.ru/vul/2015-06598
FSTEC: BDU:2015-06595
FSTEC: BDU:2015-06595
Id:
BDU:2015-06595
Reference:
https://bdu.fstec.ru/vul/2015-06595
FSTEC: BDU:2015-06592
FSTEC: BDU:2015-06592
Id:
BDU:2015-06592
Reference:
https://bdu.fstec.ru/vul/2015-06592
FSTEC: BDU:2015-06590
FSTEC: BDU:2015-06590
Id:
BDU:2015-06590
Reference:
https://bdu.fstec.ru/vul/2015-06590
FSTEC: BDU:2015-06586
FSTEC: BDU:2015-06586
Id:
BDU:2015-06586
Reference:
https://bdu.fstec.ru/vul/2015-06586
FSTEC: BDU:2015-06584
FSTEC: BDU:2015-06584
Id:
BDU:2015-06584
Reference:
https://bdu.fstec.ru/vul/2015-06584
FSTEC: BDU:2015-06583
FSTEC: BDU:2015-06583
Id:
BDU:2015-06583
Reference:
https://bdu.fstec.ru/vul/2015-06583
FSTEC: BDU:2015-06581
FSTEC: BDU:2015-06581
Id:
BDU:2015-06581
Reference:
https://bdu.fstec.ru/vul/2015-06581
FSTEC: BDU:2015-06579
FSTEC: BDU:2015-06579
Id:
BDU:2015-06579
Reference:
https://bdu.fstec.ru/vul/2015-06579
Oracle: bulletinoct2015-2511968
Oracle: bulletinoct2015-2511968
Id:
bulletinoct2015-2511968
Reference:
https://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Oracle: 119059-71
Oracle: 119059-71
Id:
119059-71
Reference:
https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=119059-71
Oracle: 119060-70
Oracle: 119060-70
Id:
119060-70
Reference:
https://updates.oracle.com/Orion/Services/download?type=readme&bugfix_name=119060-70
CVE: CVE-2014-8091
CVE: CVE-2014-8091
Id:
CVE-2014-8091
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
Comment
: X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ (CONFIRM)
62292 (SECUNIA)
DSA-3095 (DEBIAN)
http://advisories.mageia.org/MGASA-2014-0532.html (CONFIRM)
MDVSA-2015:119 (MANDRIVA)
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (CONFIRM)
71597 (BID)
GLSA-201504-06 (GENTOO)
61947 (SECUNIA)
Content available only for registered users!
ovaldb@altx-soft.com