CVE Vulnerabilities

CVE-2011-4028

Improper Link Resolution Before File Access ('Link Following')

Published: Jul 03, 2012 | Modified: Aug 24, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
1.2 LOW
AV:L/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
1.2 LOW
AV:L/AC:H/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

Weakness

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
X_server X.org 1.11.0 1.11.0
X_server X.org * 1.11.1
Red Hat Enterprise Linux 5 RedHat xorg-x11-server-0:1.1.1-48.90.el5 *
Red Hat Enterprise Linux 6 RedHat xorg-x11-server-0:1.10.6-1.el6 *
Xorg-server Ubuntu hardy *
Xorg-server Ubuntu lucid *
Xorg-server Ubuntu maverick *
Xorg-server Ubuntu natty *
Xorg-server Ubuntu oneiric *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References