ID:3718 - Exploit for Race condition - CVE-2011-4029
Published: August 4, 2020
Vulnerability identifier: #VU33698
Vulnerability risk: Low
CVE-ID: CVE-2011-4029
CWE-ID: CWE-362
Exploitation vector: Local access
Vulnerable software:
Link to public exploit:
Vulnerability description
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
Remediation
Install update from vendor's website.