Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 1.9
CVE Id: CVE-2011-4029
Last Modified: 17 Jul 2012 12:00:00
Published: 03 Jul 2012 03:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4029

Summary

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

Vulnerable Systems

Application

  • X Server 1.11.0

  • X Server 1.11.1


References

CONFIRM - http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4

SECUNIA - 49579

SECUNIA - 46460

REDHAT - RHSA-2012:0939

MLIST - [xorg] 20111018 X.Org security advisory: xserver locking code issues

Related Patches

Novell SUSE 2011:5479 xorg-x11-Xvnc security update for SLE 11 SP1 i586

Novell SUSE 2011:5479 xorg-x11-Xvnc security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6111 xorg-x11-server-rdp security update for SLE 11 SP2 i586

Novell SUSE 2012:6111 xorg-x11-server-rdp security update for SLE 11 SP2 x86_64

Novell SUSE 2012:6112 xorg-x11-server-dmx security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6112 xorg-x11-server-dmx security update for SLE 11 SP1 i586

Novell SUSE 2012:6113 xorg-x11-server-rdp security update for SLED 11 SP1 x86_64

Novell SUSE 2012:6113 xorg-x11-server-rdp security update for SLED 11 SP1 i586


Last Updated: 27 May 2016 10:57:33