#VU33700 Link following - CVE-2011-4028

Cybersecurity Help s.r.o.

Published: 2012-07-03 | Updated: 2020-08-04

Vulnerability identifier: #VU33700

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2011-4028

CWE-ID: CWE-59

Exploitation vector: Local

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

Mitigation
Install update from vendor's website.

External links
https://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
https://lists.freedesktop.org/archives/xorg/2011-October/053680.html
https://rhn.redhat.com/errata/RHSA-2012-0939.html
https://secunia.com/advisories/46460
https://secunia.com/advisories/49579

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for xorg-x11-server

SUSE Linux update for xorg-x11-server

Link following in xorg-server (Alpine package)

Gentoo update for X.Org X Server