Information Disclosure in X.Org Xserver by The X.Org Foundation
CVE-2007-5958

Currently unrated

Key Information:

Vendor: X.org
Status: Xserver
Vendor: CVE Published:; 18 January 2008

What is CVE-2007-5958?

The X.Org Xserver prior to version 1.4.1 is susceptible to a vulnerability that permits local users to ascertain the presence of arbitrary files. This is achieved through the -sp option of the X program, where divergent error messages are returned depending on whether the specified filename exists. This behavior can lead to unauthorized information disclosure, as attackers can leverage the error messages to infer sensitive file existence on the system.

References

http://secunia.com/advisories/28542

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/27336

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2008/0184

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2008
Vulnerability Reserved
Nov 14, 2007

X.org

What is CVE-2007-5958?

References

Timeline