Vigil@nce - X.Org : vulnerabilities of X Server
novembre 2011 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use two vulnerabilities of the X.Org server, in order to detect if a file exists, or to change the mode of any file.
Severity : 2/4
Creation date : 18/10/2011
Unix - plateform
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in the X.Org server.
An attacker can create a symbolic link on the lock file, in order to detect if the pointed file exists. [severity:1/4 ; BID-50193, CVE-2011-4028]
The LockServer() function of the os/utils.c file uses chmod() instead of fchmod() in order to change the mode of the lock file to 0444 (read only for everybody). An attacker can therefore use a symbolic link, in order to change the mode of all files on the system. [severity:2/4 ; BID-50196, CVE-2011-4029]
A local attacker can therefore detect if a file exists, or change the mode of any file.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN