CVE-2011-4028

Published: 03/07/2012 Updated: 24/08/2020
CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9
VMScore: 107
Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

The LockServer function in os/utils.c in X.Org xserver prior to 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

Vulnerable Product

x.org x server

x.org x server 1.11.0

Vendor Advisories

Synopsis: Low: xorg-x11-server security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security i ...
Synopsis: Low: xorg-x11-server security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated xorg-x11-server packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security im ...
The X server could be made to crash, run programs as an administrator, or read arbitrary files ...
The X server could be made to crash or run programs as an administrator ...
USN-1232-1 caused a regression with GLX support ...
A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack (CVE-2011-4028). A race condition was found in the way the X.Org server managed temporary lock files. A local a ...