FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Xorg server -- two vulnerabilities in X server lock handling code

Affected packages
xorg-server < 1.7.7_3


VuXML ID 8441957c-f9b4-11e0-a78a-bcaec565249c
Discovery 2011-10-18
Entry 2011-10-18

Matthieu Herrb reports:

It is possible to deduce if a file exists or not by exploiting the way that Xorg creates its lock files. This is caused by the fact that the X server is behaving differently if the lock file already exists as a symbolic link pointing to an existing or non-existing file.

It is possible for a non-root user to set the permissions for all users on any file or directory to 444, giving unwanted read access or causing denies of service (by removing execute permission). This is caused by a race between creating the lock file and setting its access modes.


CVE Name CVE-2011-4028
CVE Name CVE-2011-4029