Vigil@nce - X.Org : vulnerabilities of X Server
November 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use two vulnerabilities in the X.Org server
to detect whether a file exists, or to change the mode of any
file.
Severity : 2/4
Creation date : 18/10/2011
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in the X.Org server.
An attacker can create a symbolic link in place of the lock file,
in order to detect whether the file it points to exists.
[severity:1/4 ; BID-50193, CVE-2011-4028]
The LockServer() function of the os/utils.c file uses chmod()
instead of fchmod() in order to change the mode of the lock file
to 0444 (read only for everybody). chmod() takes a path and follows
symbolic links, whereas fchmod() acts on the file descriptor that
is already open. An attacker can therefore use a symbolic link, in
order to change the mode of any file on the system.
[severity:2/4 ; BID-50196, CVE-2011-4029]
A local attacker can therefore detect if a file exists, or change
the mode of any file.
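The chmod()/fchmod() difference described above, as an added example that is not X.Org's LockServer() code: it applies a path-based and a descriptor-based mode change to a lock path that is a symbolic link and reports the resulting mode of the link's target. The function names and the temporary files under /tmp are assumptions constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based pattern from the bulletin: chmod() resolves the name again,
 * so a symlink at that name redirects the mode change to its target. */
static int set_mode_by_path(const char *path) { return chmod(path, 0444); }

/* Descriptor-based pattern: create exclusively, refuse a symlink at the
 * final component, then fchmod() the inode that was actually opened. */
static int set_mode_by_fd(const char *path)
{
    char pid[16];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1; /* EEXIST when anything, symlink included, is already there */
    int n = snprintf(pid, sizeof pid, "%10ld\n", (long)getpid());
    int rc = (write(fd, pid, (size_t)n) == n && fchmod(fd, 0444) == 0) ? 0 : -1;
    close(fd);
    return rc;
}

/* Constructed scenario in a private temp directory: "victim" has mode 0600
 * and "lock" is a symlink to it. Returns victim's mode after fn(lock). */
static int victim_mode_after(int (*fn)(const char *))
{
    char dir[] = "/tmp/lockdemoXXXXXX", victim[64], lock[64];
    struct stat st;
    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lock, sizeof lock, "%s/lock", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || fchmod(fd, 0600) != 0 || close(fd) != 0 || symlink(victim, lock) != 0)
        return -1;
    (void)fn(lock); /* apply the pattern under test to the symlinked lock path */
    int mode = stat(victim, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(lock); unlink(victim); rmdir(dir);
    return mode;
}

int main(void)
{
    printf("chmod(path): victim mode %o\n", victim_mode_after(set_mode_by_path));
    printf("fchmod(fd):  victim mode %o\n", victim_mode_after(set_mode_by_fd));
}
```

With the path-based call the target ends up at 0444; with the descriptor-based call the creation is refused and the target keeps 0600.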
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/X-Org-vulnerabilities-of-X-Server-11071