CVE-2011-4028

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
x.orgx_server
𝑥
≤ 1.11.1
x.orgx_server
1.11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xorg-server
bullseye
2:1.20.11-1+deb11u13
fixed
lenny
no-dsa
bullseye (security)
2:1.20.11-1+deb11u14
fixed
bookworm
2:21.1.7-3+deb12u7
fixed
bookworm (security)
2:21.1.7-3+deb12u8
fixed
sid
2:21.1.14-1
fixed
trixie
2:21.1.14-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xorg-server
oneiric
Fixed 2:1.10.4-1ubuntu4.1
released
natty
Fixed 2:1.10.1-1ubuntu1.3
released
maverick
Fixed 2:1.9.0-0ubuntu7.5
released
lucid
Fixed 2:1.7.6-2ubuntu7.8
released
hardy
ignored
Common Weakness Enumeration
References
http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
http://lists.freedesktop.org/archives/xorg/2011-October/053680.html
http://rhn.redhat.com/errata/RHSA-2012-0939.html
http://secunia.com/advisories/46460
http://secunia.com/advisories/49579
http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
http://lists.freedesktop.org/archives/xorg/2011-October/053680.html
http://rhn.redhat.com/errata/RHSA-2012-0939.html
http://secunia.com/advisories/46460
http://secunia.com/advisories/49579