Contact Us
SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME
 
Security Dashboard | US-CERTs | SecurityFocus | Advisories | Exploits | Threats | Vulnerabilities | Risks
Network Security Consulting Advisories Article

X.Org X11 File Read Permission Information Disclosure Vulnerability

http://www.securityfocus.com/bid/50196

Security Info

Bugtraq ID: 50196
Class: Input Validation Error
CVE: CVE-2011-4029
Remote: No
Local: Yes
Published: Oct 18 2011 12:00AM
Updated: Jul 03 2012 08:40AM
Credit: Vladz
Vulnerable: X.org xorg-server 1.4.1
X.org xorg-server 1.1.1
X.org xorg-server 1.4
X.org xorg-server 1.3.99.2 (RC2)
X.org xorg-server 1.2
X.org xorg-server 1.02-r5
X.org xorg-server 1.0.2-r6
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
SuSE SUSE Linux Enterprise Server for VMware 11 SP1
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 11 SP1
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise SDK 11 SP1
SuSE SUSE Linux Enterprise Desktop 11 SP1
+ Linux kernel 2.6.5
SuSE openSUSE 11.3
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Not Vulnerable:

Security Discussion

X.Org X11 is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data.

A local attacker can exploit this issue to gain read permissions of local files. Information obtained may aid in further attacks.

Proof of Concept and Security Exploits

Attackers require local interactive access to exploit.

The following example is available:

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.

Security References(s)

References:

Contact Us

Security Penetration Testing

Security Questions

Security Dashboard

Emagined Security Blog featuring Dr. Eugene Schultz
Site Updated May 24, 2013
©2000-2013 Emagined Security
All Rights Reserved

Secure Web Programming
by Vizual Services