Vigil@nce - X.Org : vulnerabilities of X Server

November 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local attacker can use two vulnerabilities in the X.Org server
to detect whether a file exists, or to change the mode of any
file.

Severity : 2/4

Creation date : 18/10/2011

IMPACTED PRODUCTS

 Unix - platform

DESCRIPTION OF THE VULNERABILITY

Two vulnerabilities were announced in the X.Org server.

An attacker can create a symbolic link at the lock file path, in
order to detect whether the file it points to exists.
[severity:1/4 ; BID-50193, CVE-2011-4028]

The LockServer() function in the os/utils.c file uses chmod()
instead of fchmod() to change the mode of the lock file to 0444
(read-only for everybody). Because chmod() acts on a path name and
follows symbolic links, an attacker can use a symbolic link to
change the mode of any file on the system.
[severity:2/4 ; BID-50196, CVE-2011-4029]

A local attacker can therefore detect if a file exists, or change
the mode of any file.
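
The chmod()/fchmod() difference described above, as an added example: this is not X.Org's code and not part of the bulletin. The function names and the temporary-directory scenario are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based pattern (hypothetical name): chmod() resolves the name again
 * and follows a symbolic link found there. */
static int set_mode_by_path(const char *lock) { return chmod(lock, 0444); }

/* Descriptor-based pattern (hypothetical name): create the file ourselves,
 * then fchmod() the descriptor, which is bound to the opened inode. */
static int create_lock_by_fd(const char *lock) {
    int fd = open(lock, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;            /* existing name or symlink: refuse */
    int rc = fchmod(fd, 0444);
    close(fd);
    return rc;
}

/* Constructed scenario: "lock" is a symlink to a 0600 file in a private
 * temporary directory. Returns the target's permission bits afterwards,
 * or -1 if the setup failed. */
static int target_mode_after(int use_fd) {
    char dir[] = "/tmp/lockdemoXXXXXX", target[64], lock[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lock, sizeof lock, "%s/lock", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || fchmod(fd, 0600) != 0 || close(fd) != 0) return -1;
    if (symlink(target, lock) != 0) return -1;
    if (use_fd) create_lock_by_fd(lock); else set_mode_by_path(lock);
    int rc = stat(target, &st);
    unlink(lock); unlink(target); rmdir(dir);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    printf("path-based:       target mode %o\n", target_mode_after(0));
    printf("descriptor-based: target mode %o\n", target_mode_after(1));
    return 0;
}
```

With the path-based call the mode of the link target changes; with the descriptor-based call the open is refused and the target keeps its mode.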

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/X-Org-vulnerabilities-of-X-Server-11071

