Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 1.2
CVE Id: CVE-2011-4028
Last Modified: 17 Jul 2012 12:00:00
Published: 03 Jul 2012 03:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

CVE-2011-4028

Summary

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

Vulnerable Systems

Application

  • X Server 1.11.0

  • X Server 1.11.1


References

SECUNIA - 49579

SECUNIA - 46460

REDHAT - RHSA-2012:0939

MLIST - [xorg] 20111018 X.Org security advisory: xserver locking code issues

CONFIRM - http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34

Related Patches

Red Hat 2012:0303-03 RHSA Low: xorg-x11-server security and bug fix update for RHEL 5 x86

Red Hat 2012:0303-03 RHSA Low: xorg-x11-server security and bug fix update for RHEL 5 x86_64

Novell SUSE 2011:5479 xorg-x11-Xvnc security update for SLE 11 SP1 i586

Novell SUSE 2011:5479 xorg-x11-Xvnc security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6111 xorg-x11-server-rdp security update for SLE 11 SP2 i586

Novell SUSE 2012:6111 xorg-x11-server-rdp security update for SLE 11 SP2 x86_64

Novell SUSE 2012:6112 xorg-x11-server-dmx security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6112 xorg-x11-server-dmx security update for SLE 11 SP1 i586

Novell SUSE 2012:6113 xorg-x11-server-rdp security update for SLED 11 SP1 x86_64

Novell SUSE 2012:6113 xorg-x11-server-rdp security update for SLED 11 SP1 i586


Last Updated: 27 May 2016 10:57:32