PT-2011-5245 · X.Org+3 · Xserver+4

Vladz · Published 1970-01-01 · Updated 2020-08-24 · CVE-2011-4028

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

xorg-server versions prior to 1.10.4-r1
xserver versions prior to 1.11.2

Description

The issue concerns multiple vulnerabilities in the xorg-server package, which can be exploited locally to compromise the confidentiality of protected information. Specifically, the LockServer function in os/utils.c in X.Org xserver is vulnerable to a symlink attack on a temporary lock file, allowing local users to determine the existence of arbitrary files.

Recommendations

For xorg-server versions prior to 1.10.4-r1, update to version 1.10.4-r1 or later to resolve the issue.
For xserver versions prior to 1.11.2, update to version 1.11.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the LockServer function to minimize the risk of exploitation.

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2015-05404
BDU:2015-05405
BDU:2015-09425
CESA-2012_0939
CVE-2011-4028
OPENSUSE-SU-2012_0227-1
RHSA-2012:0303
RHSA-2012:0939
RHSA-2012_0303
RHSA-2012_0939

Affected Products

CentOS
Red Hat
SUSE
Xorg-Server
Xserver