Vigil@nce - X.Org : vulnerabilities of X Server

November 2011, by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local attacker can use two vulnerabilities in the X.Org server to detect whether a file exists, or to change the mode of any file.

Severity : 2/4

Creation date : 18/10/2011

IMPACTED PRODUCTS

- Unix - platform

DESCRIPTION OF THE VULNERABILITY

Two vulnerabilities were announced in the X.Org server.

An attacker can create a symbolic link in place of the lock file, in order to detect whether the file it points to exists. [severity:1/4 ; BID-50193, CVE-2011-4028]

The LockServer() function of the os/utils.c file uses chmod() instead of fchmod() to change the mode of the lock file to 0444 (read-only for everybody). Because chmod() acts on a path and follows symbolic links, an attacker can use a symbolic link to change the mode of any file on the system. [severity:2/4 ; BID-50196, CVE-2011-4029]

A local attacker can therefore detect if a file exists, or change the mode of any file.
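
The chmod()/fchmod() difference described above, as an added example (not X.Org's code and not part of the bulletin): a constructed scenario in a private temporary directory where the lock path names a different file by the time the mode is set. The file names `lock` and `other`, the `/tmp/lockdemoXXXXXX` directory and all function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the bulletin describes: the mode is set by path, so chmod()
 * follows whatever the path names at that moment, symlinks included. */
static int set_mode_by_path(const char *lock) { return chmod(lock, 0444); }

/* Hardened pattern: the mode is set on the descriptor returned by open(),
 * so only the inode that was created is changed. */
static int set_mode_by_fd(int fd) { return fchmod(fd, 0444); }

static mode_t mode_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (st.st_mode & 0777) : (mode_t)-1;
}

/* Constructed scenario in a private temp directory: create "lock", re-point
 * its path at "other" (mode 0600), then set the lock mode.
 * Returns the mode "other" ends up with, or (mode_t)-1 on setup failure. */
mode_t other_mode_after(int use_fd) {
    char dir[] = "/tmp/lockdemoXXXXXX", lock[64], other[64];
    if (!mkdtemp(dir)) return (mode_t)-1;
    snprintf(lock, sizeof lock, "%s/lock", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    int ofd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0600);
    /* O_CREAT|O_EXCL fails if anything, even a symlink, already exists */
    int fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);
    mode_t m = (mode_t)-1;
    if (ofd >= 0 && fd >= 0 && fchmod(ofd, 0600) == 0 &&
        unlink(lock) == 0 && symlink(other, lock) == 0) {
        if (use_fd) set_mode_by_fd(fd); else set_mode_by_path(lock);
        m = mode_of(other);
    }
    if (fd >= 0) close(fd);
    if (ofd >= 0) close(ofd);
    unlink(lock); unlink(other); rmdir(dir);
    return m;
}

int main(void) {
    printf("chmod(path): other is %04o\n", (unsigned)other_mode_after(0));
    printf("fchmod(fd):  other is %04o\n", (unsigned)other_mode_after(1));
    return 0;
}
```

With the path-based call the second file ends up 0444; with the descriptor-based call it keeps 0600, because fchmod() never resolves the path again.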

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/X...



