NVD

Id
10570  
Name
CVE-2011-4028  
Description
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.  
Reject
 
CVSS Version
2  
CVSS Score
1.2  
Severity
Low  
CVSS Base Score
1.2  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
1.9  
CVSS Vector
(AV:L/AC:H/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-07  
Published
2012-07-03  
Modified Date
2012-07-17  
Seq
2011-4028  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
59822 10570 CVE-2011-4028 http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34  View
59823 10570 CVE-2011-4028 [xorg] 20111018 X.Org security advisory: xserver locking code issues  View
59824 10570 CVE-2011-4028 RHSA-2012:0939  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34811 JVNDB-2011-005053 X.Org xserver の os/utils.c における情報漏えいの脆弱性 X.Org xserver の os/utils.c 内の LockServer 関数には、ファイルが存在する場合に存在しない場合とは異なる処理が行われるため、任意のファイルの存在が漏えいする脆弱性が存在します。 CVE-2011-4028 51935 CVE-2011-4028 10570 1.2 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005053.html 2011-10-18 2012-08-03 View