PT-2011-5199 · X.Org+4 · Xorg-Server+6

Published

1970-01-01

·

Updated

2020-08-24

·

CVE-2011-4029

CVSS v2.0

1.9

Low

Vector AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

xorg-server versions prior to 1.10.4-r1
xorg-x11-server-sdk (affected versions not specified)
linux-headers-2.6.18-4-s390 (affected versions not specified)
xorg-x11-server-extra (affected versions not specified)
X.Org xserver versions prior to 1.11.2

Description

The issue concerns multiple vulnerabilities in the xorg-server package and related components, which can lead to a breach of protected information. Exploitation of these vulnerabilities can be carried out locally, potentially allowing an attacker to change file permissions, read files, or cause a denial of service by manipulating symbolic links on a temporary lock file. The LockServer function in os/utils.c is specifically identified as vulnerable due to synchronization errors when using shared resources.

Recommendations

For xorg-server versions prior to 1.10.4-r1, update to version 1.10.4-r1 or later.
For X.Org xserver versions prior to 1.11.2, update to version 1.11.2 or later.
For xorg-x11-server-sdk, xorg-x11-server-extra, and linux-headers-2.6.18-4-s390, there is currently no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting access to the LockServer function in os/utils.c to minimize the risk of exploitation. Avoid using symbolic links on temporary lock files until the issue is resolved.

Exploit

DoS

Link Following

Race Condition


Weakness Enumeration

Related identifiers

BDU:2015-02454
BDU:2015-05404
BDU:2015-05405
BDU:2015-09425
BDU:2016-02215
CESA-2012_0939
CVE-2011-4029
RHSA-2012:0939
RHSA-2012_0939

Affected products

Centos
Red Hat
Suse
Linux-Headers
Xorg-Server
Xorg-X11-Server-Extra
Xorg-X11-Server-Sdk