
CVE-2011-4029

Status Candidate

Overview

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

Related Files

Red Hat Security Advisory 2012-0939-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0939-04 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-4028, CVE-2011-4029
SHA-256 | 056bbb8f9c917f5519bbd54df7dac67565efe3792cceacb35765ad54e8033a0f

X.org File Permission Change Proof Of Concept
Posted Dec 16, 2011
Authored by vladz

This proof of concept exploit sets permissions to 444 on an arbitrary file specified as an argument by leveraging SIGSTOP/SIGCONT signals and the Inotify API to win a race condition in X.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2011-4029
SHA-256 | 0ea22872b6b51bf5249b0a70a12ebe97e3272ad611f24a936335036486484018

Gentoo Linux Security Advisory 201110-19
Posted Oct 23, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201110-19 - Multiple vulnerabilities in the X.Org X server might allow local attackers to disclose information. Versions less than 1.10.4-r1 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2011-4028, CVE-2011-4029
SHA-256 | 609832a138e154288bb1dbf8b4f5cc7bfd03135dd2be9fdcf641657ed8183c62

Ubuntu Security Notice USN-1232-1
Posted Oct 18, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2010-4818, CVE-2010-4819, CVE-2011-4028, CVE-2011-4029
SHA-256 | a04660c7b598d19e4f72432e2a317262cebfd0b9fa6d764460a7bd04e7a74a4f
© 2024 Packet Storm. All rights reserved.
