Local File Disclosure Vulnerability in X.Org xserver by The X.Org Foundation
CVE-2011-4028

Currently unrated

Key Information:

Vendor: X.org
Status: X Server
Vendor: CVE Published:; 3 July 2012

What is CVE-2011-4028?

The LockServer function in os/utils.c within X.Org xserver versions prior to 1.11.2 contains a vulnerability that enables local users to exploit symlink attacks on a temporary lock file. By leveraging this flaw, an attacker can ascertain the presence of arbitrary files based on how the system manages the lock file, leading to potential unauthorized access to sensitive information.

References

http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44...

x_refsource_CONFIRM

http://lists.freedesktop.org/archives/xorg/2011-October/0...

mailing-listx_refsource_MLIST

http://secunia.com/advisories/46460

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 3, 2012

X.org

What is CVE-2011-4028?

References

Timeline