Symlink Attack

2019-01-1508:52:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

1.2 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

JSON

X.Org is vulnerable to a symlink attack. Due to a flaw in LockServer function in os/utils.c, a user can disclose the existence of a file in a directory with no access privilege using a symlink attack on a temporary lock file.

CPENameOperatorVersion
xorg-x11-servereq1.1.1__48.76.el5_5.1
xorg-x11-servereq1.1.1__48.76.el5_5.2
xorg-x11-servereq1.7.7__26.el6
xorg-x11-servereq1.10.4__6.el6
xorg-x11-servereq1.1.1__48.76.el5_7.5
xorg-x11-servereq1.1.1__48.26.el5_1.4
xorg-x11-servereq1.1.1__48.13.0.1.el5
xorg-x11-servereq1.1.1__48.52.el5
xorg-x11-servereq1.1.1__48.67.el5
xorg-x11-servereq1.7.7__29.el6

Name	Operator	Version
xorg-x11-server	eq	1.1.1__48.76.el5_5.1
xorg-x11-server	eq	1.1.1__48.76.el5_5.2
xorg-x11-server	eq	1.7.7__26.el6
xorg-x11-server	eq	1.10.4__6.el6
xorg-x11-server	eq	1.1.1__48.76.el5_7.5
xorg-x11-server	eq	1.1.1__48.26.el5_1.4
xorg-x11-server	eq	1.1.1__48.13.0.1.el5
xorg-x11-server	eq	1.1.1__48.52.el5
xorg-x11-server	eq	1.1.1__48.67.el5
xorg-x11-server	eq	1.7.7__29.el6