CVE-2011-4028 — Link Following in X Server

CWE-59 — Link Following9 documents8 sources

Severity

1.2LOWNVD

EPSS

0.1%

top 72.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server X.org X Server

Timeline

PublishedJul 3

Latest updateMay 13

Description

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

CVSS vector

AV:L/AC:H/C:P/I:N/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

▶NVDx.org/x_server1.11.1+1

▶Debianx.org/xorg-server< 2:1.11.1.901-2+3

🔴Vulnerability Details

GHSA

GHSA-43jf-fxqp-3qf7: The LockServer function in os/utils↗2022-05-13

▶

OSV

CVE-2011-4028: The LockServer function in os/utils↗2012-07-03

▶

CVEList

CVE-2011-4028: The LockServer function in os/utils↗2012-07-03

▶

📋Vendor Advisories

Ubuntu

X.Org X server vulnerabilities↗2011-10-18

▶

Red Hat

xorg-x11-server: File existence disclosure vulnerability↗2011-10-18

▶

Debian

CVE-2011-4028: xorg-server - The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows loca...↗2011

▶

💬Community

Bugzilla

CVE-2011-4028 CVE-2011-4029 xorg-x11-server various flaws [fedora-15]↗2012-03-02

▶

Bugzilla

CVE-2011-4028 xorg-x11-server: File existence disclosure vulnerability↗2011-10-13

▶