CVE-2011-4029

Published: 03/07/2012 Updated: 24/08/2020
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 195
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The LockServer function in os/utils.c in X.Org xserver prior to 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

Vulnerable Product

x.org x server

x.org x server 1.11.0

Vendor Advisories

Synopsis: Low: xorg-x11-server security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security i ...
Debian Bug report logs - #652249: bypass default security level of the X wrapper. Package: xserver-xorg; Maintainer for xserver-xorg is Debian X Strike Force <debian-x@lists.debian.org>; Source for xserver-xorg is src:xorg. Reported by: vladz <vladz@devzero.fr>. Date: Thu, 15 Dec 2011 18:06:02 UTC ...
The X server could be made to crash, run programs as an administrator, or read arbitrary files ...
The X server could be made to crash or run programs as an administrator ...
USN-1232-1 caused a regression with GLX support ...
A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack (CVE-2011-4028). A race condition was found in the way the X.Org server managed temporary lock files. A local a ...

Exploits

/* xchmod.c -- Xorg file permission change vulnerability PoC. Author: vladz (vladz.devzero.fr). Date: 2011/12/15. Software: www.x.org. Version: Xorg 1.4 to 1.11.2 in all configurations; Xorg 1.3 and earlier if built with the USE_CHMOD preprocessor identifier. Tested on: Debian 6.0.2 up to date with X defa ...
Xorg versions 1.11.2 and below suffer from a permission change vulnerability that allows a local user the ability to set an arbitrary file to 444 ...
This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X ...

Github Repositories

Fsnoop is a tool to monitor file operations on GNU/Linux systems. Its primary purpose is to detect bad temporary file usages and therefore, file race condition vulnerabilities.

Fsnoop. Introduction: Fsnoop is a tool to monitor file operations on GNU/Linux systems by using the Inotify mechanism. Its primary purpose is to help detect file race condition vulnerabilities and, since version 3, to exploit them with loadable DSO modules (also called "payload modules" or "paymods"). Installation: The kernel option CONFIG_INOTIFY_USER is re