Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-4028
x.org
xserver
lockserver
symlink attack
file existence
nvd
1.2 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
Affected configurations
Node
x.orgx_serverRange≤1.11.1
ORx.orgx_serverMatch1.11.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| x.org:x_server | x.org x server | le | 1.11.1 |
| x.org:x_server | x.org x server | eq | 1.11.0 |
Related
nessus
nessus
Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
Oracle Linux 5 : xorg-x11-server (ELSA-2012-0303)
2013-07-12 00:00:00
RHEL 5 : xorg-x11-server (RHSA-2012:0303)
2012-02-21 00:00:00
veracode
veracode
Symlink Attack
2019-01-15 08:52:49
Denial Of Service (DoS)
2019-05-02 04:42:01
redhat
redhat
(RHSA-2012:0303) Low: xorg-x11-server security and bug fix update
2012-02-21 00:00:00
(RHSA-2012:0939) Low: xorg-x11-server security and bug fix update
2012-06-20 00:00:00
ubuntucve
ubuntucve
CVE-2011-4028
2011-10-18 00:00:00
openvas
openvas
RedHat Update for xorg-x11-server RHSA-2012:0303-03
2012-02-21 00:00:00
RedHat Update for xorg-x11-server RHSA-2012:0303-03
2012-02-21 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-104)
2015-09-08 00:00:00
nvd
nvd
CVE-2011-4028
2012-07-03 19:55:01
debiancve
debiancve
CVE-2011-4028
2022-10-03 16:15:14
prion
prion
Code injection
2012-07-03 19:55:00
cvelist
cvelist
CVE-2011-4028
2022-10-03 16:15:14
amazon
amazon
Low: xorg-x11-server
2012-07-05 16:24:00
suse
suse
Security update for xorg-x11-server (important)
2011-12-02 08:08:16
xorg-x11-server (important)
2012-02-09 19:10:34
gentoo
gentoo
X.Org X Server: Multiple vulnerabilities
2011-10-22 00:00:00
centos
centos
xorg security update
2012-07-10 17:26:54
oraclelinux
oraclelinux
xorg-x11-server security and bug fix update
2012-06-27 00:00:00
xorg-x11-server security and bug fix update
2012-03-01 00:00:00
freebsd
freebsd
Xorg server -- two vulnerabilities in X server lock handling code
2011-10-18 00:00:00
securityvulns
securityvulns
X.Org multiple security vulnerabilities
2011-10-20 00:00:00
[USN-1232-1] X.Org X server vulnerabilities
2011-10-20 00:00:00
ubuntu
ubuntu
X.Org X server vulnerability
2011-10-20 00:00:00
X.Org X server vulnerabilities
2011-10-18 00:00:00
X.Org X server regression
2011-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: nx-libs-3.5.0.29-1.fc20
2015-03-26 21:29:40
[SECURITY] Fedora 22 Update: nx-libs-3.5.0.29-1.fc22
2015-03-21 04:53:26
[SECURITY] Fedora 21 Update: nx-libs-3.5.0.29-1.fc21
2015-03-26 21:51:39
1.2 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:H/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2011-4028