FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-4028

This CVE name corresponds to:

Entered Topic
2011-10-18 Xorg server -- two vulnerabilities in X server lock handling code

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2011-4028 at cve.mitre.org

Details

Type Candidate
Name CVE-2011-4028
Phase Assigned(20111009)

Description

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

References

Source Reference
MLIST [xorg] 20111018 X.Org security advisory: xserver locking code issues
CONFIRM http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
REDHAT RHSA-2012:0939
SECUNIA 46460
SECUNIA 49579

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.