Last Updated: 2008-01-18 08:22:17 UTC
by Stephen Hall (Version: 1)
Remote vulnerabilities for two graphical user environments have been announced, four for an environment which has been around since the beginning of distributed computing, and one with a newer contender.
iDefense have released four vulnerabilities for various vendor implementations of the popular X11 implementations.
Multiple Vendor X Server XInput Extension Multiple Memory Corruption Vulnerabilities (CVE-2007-6427)
Multiple Vendor X Server TOG-CUP Extension Information Disclosure Vulnerability (CVE-2007-6428)
Multiple Vendor X Server EVI and MIT-SHM Extensions Integer Overflow Vulnerabilities (CVE-2007-6429)
Multiple Vendor X Server XFree86-Misc Extension Invalid Array Index Vulnerability (CVE-2007-5760)
ZDI have released the following remotely exploitable vulnerability for the following products:
- Metaframe Presentation Server 3.0
- Presentation Server 4.0, 4.5
- Access Essentials 1.0, 1.5, 2.0
- Desktop Server 1.0
This vulnerability does not require previous authentication for Citrix.
Citrix Presentation Server IMA Service Heap Overflow Vulnerability (ZDI-08-002)