Vulnerability Details CVE-2011-4028
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.3%
CVSS Severity
CVSS v2 Score 1.2
References
- http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
- http://lists.freedesktop.org/archives/xorg/2011-October/053680.html
- http://rhn.redhat.com/errata/RHSA-2012-0939.html
- http://secunia.com/advisories/46460
- http://secunia.com/advisories/49579
- http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
- http://lists.freedesktop.org/archives/xorg/2011-October/053680.html
- http://rhn.redhat.com/errata/RHSA-2012-0939.html
- http://secunia.com/advisories/46460
- http://secunia.com/advisories/49579
Products affected by CVE-2011-4028
-
cpe:2.3:a:x.org:x_server:-
-
cpe:2.3:a:x.org:x_server:1.0.1
-
cpe:2.3:a:x.org:x_server:1.0.2
-
cpe:2.3:a:x.org:x_server:1.0.99.2
-
cpe:2.3:a:x.org:x_server:1.0.99.901
-
cpe:2.3:a:x.org:x_server:1.0.99.902
-
cpe:2.3:a:x.org:x_server:1.0.99.903
-
cpe:2.3:a:x.org:x_server:1.1.0
-
cpe:2.3:a:x.org:x_server:1.1.1
-
cpe:2.3:a:x.org:x_server:1.1.99.901
-
cpe:2.3:a:x.org:x_server:1.1.99.902
-
cpe:2.3:a:x.org:x_server:1.1.99.903
-
cpe:2.3:a:x.org:x_server:1.10.0
-
cpe:2.3:a:x.org:x_server:1.10.0.901
-
cpe:2.3:a:x.org:x_server:1.10.0.902
-
cpe:2.3:a:x.org:x_server:1.10.1.901
-
cpe:2.3:a:x.org:x_server:1.10.1.902
-
cpe:2.3:a:x.org:x_server:1.10.2
-
cpe:2.3:a:x.org:x_server:1.10.2.901
-
cpe:2.3:a:x.org:x_server:1.10.2.902
-
cpe:2.3:a:x.org:x_server:1.10.3
-
cpe:2.3:a:x.org:x_server:1.10.3.901
-
cpe:2.3:a:x.org:x_server:1.10.3.902
-
cpe:2.3:a:x.org:x_server:1.10.4
-
cpe:2.3:a:x.org:x_server:1.10.6
-
cpe:2.3:a:x.org:x_server:1.10.99.901
-
cpe:2.3:a:x.org:x_server:1.10.99.902
-
cpe:2.3:a:x.org:x_server:1.11.0
-
cpe:2.3:a:x.org:x_server:1.11.1
-
cpe:2.3:a:x.org:x_server:1.2.0
-
cpe:2.3:a:x.org:x_server:1.2.99.0
-
cpe:2.3:a:x.org:x_server:1.2.99.901
-
cpe:2.3:a:x.org:x_server:1.2.99.902
-
cpe:2.3:a:x.org:x_server:1.2.99.903
-
cpe:2.3:a:x.org:x_server:1.2.99.904
-
cpe:2.3:a:x.org:x_server:1.2.99.905
-
cpe:2.3:a:x.org:x_server:1.3.0.0
-
cpe:2.3:a:x.org:x_server:1.3.99.0
-
cpe:2.3:a:x.org:x_server:1.3.99.2
-
cpe:2.3:a:x.org:x_server:1.4
-
cpe:2.3:a:x.org:x_server:1.4.0.90
-
cpe:2.3:a:x.org:x_server:1.4.1
-
cpe:2.3:a:x.org:x_server:1.4.2
-
cpe:2.3:a:x.org:x_server:1.4.99.901
-
cpe:2.3:a:x.org:x_server:1.4.99.902
-
cpe:2.3:a:x.org:x_server:1.4.99.904
-
cpe:2.3:a:x.org:x_server:1.4.99.905
-
cpe:2.3:a:x.org:x_server:1.4.99.906
-
cpe:2.3:a:x.org:x_server:1.5.0
-
cpe:2.3:a:x.org:x_server:1.5.1
-
cpe:2.3:a:x.org:x_server:1.5.2
-
cpe:2.3:a:x.org:x_server:1.5.3
-
cpe:2.3:a:x.org:x_server:1.5.99.1
-
cpe:2.3:a:x.org:x_server:1.5.99.2
-
cpe:2.3:a:x.org:x_server:1.5.99.3
-
cpe:2.3:a:x.org:x_server:1.5.99.901
-
cpe:2.3:a:x.org:x_server:1.5.99.902
-
cpe:2.3:a:x.org:x_server:1.5.99.903
-
cpe:2.3:a:x.org:x_server:1.6.0
-
cpe:2.3:a:x.org:x_server:1.6.1
-
cpe:2.3:a:x.org:x_server:1.6.1.901
-
cpe:2.3:a:x.org:x_server:1.6.1.902
-
cpe:2.3:a:x.org:x_server:1.6.2
-
cpe:2.3:a:x.org:x_server:1.6.2.901
-
cpe:2.3:a:x.org:x_server:1.6.3
-
cpe:2.3:a:x.org:x_server:1.6.3.901
-
cpe:2.3:a:x.org:x_server:1.6.4
-
cpe:2.3:a:x.org:x_server:1.6.4.901
-
cpe:2.3:a:x.org:x_server:1.6.5
-
cpe:2.3:a:x.org:x_server:1.6.99.900
-
cpe:2.3:a:x.org:x_server:1.6.99.901
-
cpe:2.3:a:x.org:x_server:1.6.99.902
-
cpe:2.3:a:x.org:x_server:1.6.99.903
-
cpe:2.3:a:x.org:x_server:1.7.0
-
cpe:2.3:a:x.org:x_server:1.7.0.901
-
cpe:2.3:a:x.org:x_server:1.7.0.902
-
cpe:2.3:a:x.org:x_server:1.7.1
-
cpe:2.3:a:x.org:x_server:1.7.1.901
-
cpe:2.3:a:x.org:x_server:1.7.1.902
-
cpe:2.3:a:x.org:x_server:1.7.2
-
cpe:2.3:a:x.org:x_server:1.7.3
-
cpe:2.3:a:x.org:x_server:1.7.3.901
-
cpe:2.3:a:x.org:x_server:1.7.3.902
-
cpe:2.3:a:x.org:x_server:1.7.4
-
cpe:2.3:a:x.org:x_server:1.7.4.901
-
cpe:2.3:a:x.org:x_server:1.7.4.902
-
cpe:2.3:a:x.org:x_server:1.7.5
-
cpe:2.3:a:x.org:x_server:1.7.5.901
-
cpe:2.3:a:x.org:x_server:1.7.5.902
-
cpe:2.3:a:x.org:x_server:1.7.6
-
cpe:2.3:a:x.org:x_server:1.7.6.901
-
cpe:2.3:a:x.org:x_server:1.7.6.902
-
cpe:2.3:a:x.org:x_server:1.7.7
-
cpe:2.3:a:x.org:x_server:1.7.99.1
-
cpe:2.3:a:x.org:x_server:1.7.99.2
-
cpe:2.3:a:x.org:x_server:1.7.99.901
-
cpe:2.3:a:x.org:x_server:1.7.99.902
-
cpe:2.3:a:x.org:x_server:1.8.0
-
cpe:2.3:a:x.org:x_server:1.8.0.901
-
cpe:2.3:a:x.org:x_server:1.8.0.902
-
cpe:2.3:a:x.org:x_server:1.8.1
-
cpe:2.3:a:x.org:x_server:1.8.1.901
-
cpe:2.3:a:x.org:x_server:1.8.1.902
-
cpe:2.3:a:x.org:x_server:1.8.2
-
cpe:2.3:a:x.org:x_server:1.8.99.901
-
cpe:2.3:a:x.org:x_server:1.8.99.902
-
cpe:2.3:a:x.org:x_server:1.8.99.903
-
cpe:2.3:a:x.org:x_server:1.8.99.904
-
cpe:2.3:a:x.org:x_server:1.8.99.905
-
cpe:2.3:a:x.org:x_server:1.8.99.906
-
cpe:2.3:a:x.org:x_server:1.9.0
-
cpe:2.3:a:x.org:x_server:1.9.0.901
-
cpe:2.3:a:x.org:x_server:1.9.0.902
-
cpe:2.3:a:x.org:x_server:1.9.1
-
cpe:2.3:a:x.org:x_server:1.9.2
-
cpe:2.3:a:x.org:x_server:1.9.2.901
-
cpe:2.3:a:x.org:x_server:1.9.2.902
-
cpe:2.3:a:x.org:x_server:1.9.3
-
cpe:2.3:a:x.org:x_server:1.9.3.901
-
cpe:2.3:a:x.org:x_server:1.9.3.902
-
cpe:2.3:a:x.org:x_server:1.9.4
-
cpe:2.3:a:x.org:x_server:1.9.4.901
-
cpe:2.3:a:x.org:x_server:1.9.5
-
cpe:2.3:a:x.org:x_server:1.9.99.901
-
cpe:2.3:a:x.org:x_server:1.9.99.902
-
cpe:2.3:a:x.org:x_server:1.9.99.903