CVE-2011-4028

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-4028 at MITRE

Description

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.

NVD CVSS v2 Base Score: 1.2 (AV:L/AC:H/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Novell Bugzilla entry: 722944

SUSE Security Advisories:

SUSE-SU-2011:1292-1, published Fri, 2 Dec 2011 08:08:16 +0100 (CET)
openSUSE-SU-2012:0227-1, published Thu, 9 Feb 2012 19:10:34 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.3	`xorg-x11-Xvnc-debuginfo >= 7.5_1.8.0-10.15.2` `xorg-x11-server-debuginfo >= 7.5_1.8.0-10.15.2` `xorg-x11-server-debugsource >= 7.5_1.8.0-10.15.2` `xorg-x11-server-extra-debuginfo >= 7.5_1.8.0-10.15.2`
openSUSE 11.3	`xorg-x11-Xvnc >= 7.5_1.8.0-10.15.2` `xorg-x11-server >= 7.5_1.8.0-10.15.2` `xorg-x11-server-extra >= 7.5_1.8.0-10.15.2` `xorg-x11-server-sdk >= 7.5_1.8.0-10.15.2`
SLE 11 SP2 DEBUGINFO	`xorg-x11-server-rdp-debuginfo >= 7.3.99-3.18.2` `xorg-x11-server-rdp-debugsource >= 7.3.99-3.18.2`	Builds SAT Patch Nr: 6111
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`xorg-x11-server-rdp >= 7.3.99-3.18.2`	Builds SAT Patch Nr: 6111
SLE 11 SP1 DEBUGINFO	`xorg-x11-server-debuginfo >= 7.4-27.40.52.1` `xorg-x11-server-debugsource >= 7.4-27.40.52.1`	sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sles11-sp1.x86 sle11-sp1-sdk.x86 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.ia64 sled11-sp1.x86-64 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc SAT Patch Nr: 5479
SUSE Linux Enterprise Software Development Kit 11 SP1	`xorg-x11-server-sdk >= 7.4-27.40.52.1`	sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sles11-sp1.x86 sle11-sp1-sdk.x86 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.ia64 sled11-sp1.x86-64 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc SAT Patch Nr: 5479
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`xorg-x11-Xvnc >= 7.4-27.40.52.1` `xorg-x11-server >= 7.4-27.40.52.1` `xorg-x11-server-extra >= 7.4-27.40.52.1`	sle11-sp1-sdk.ppc sles11-sp1-vmware.x86-64 sles11-sp1.x86 sle11-sp1-sdk.x86 sles11-sp1.s390x sle11-sp1-sdk.x86-64 sles11-sp1.ia64 sled11-sp1.x86 sle11-sp1-sdk.ia64 sled11-sp1.x86-64 sle11-sp1-sdk.s390x sles11-sp1.x86-64 sles11-sp1-vmware.x86 sles11-sp1.ppc SAT Patch Nr: 5479
SLE 11 SP1 DEBUGINFO	`xorg-x11-server-dmx-debuginfo >= 7.3.99-17.11.1` `xorg-x11-server-dmx-debugsource >= 7.3.99-17.11.1`	Builds SAT Patch Nr: 6112
SUSE Linux Enterprise Desktop 11 SP1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP1 for VMware	`xorg-x11-server-dmx >= 7.3.99-17.11.1`	Builds SAT Patch Nr: 6112
SLE 11 SP1 DEBUGINFO	`xorg-x11-server-rdp-debuginfo >= 7.3.99-3.11.10.1` `xorg-x11-server-rdp-debugsource >= 7.3.99-3.11.10.1`	Builds SAT Patch Nr: 6113
SUSE Linux Enterprise Desktop 11 SP1	`xorg-x11-server-rdp >= 7.3.99-3.11.10.1`	Builds SAT Patch Nr: 6113

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy