Bug#646156: pu: package xorg-server/2:1.7.7-14
On Fri, Oct 21, 2011 at 3:12 PM, Julien Cristau wrote:
> +commit 03ff880e8bf20cdecaf27f03391ea31545ecc22c
> +Author: Matthieu Herrb <matthieu.herrb@laas.fr>
> +Date: Mon Oct 17 22:27:35 2011 +0200
> +
> + Fix CVE-2011-4029: File permission change vulnerability.
> +
> + Use fchmod() to change permissions of the lock file instead
> + of chmod(), thus avoid the race that can be exploited to set
> + a symbolic link to any file or directory in the system.
I wonder if at least this one should be treated with a real urgency?
On the surface its an info disclosure issue, which tend to be very low
urgency, but it's a pretty bad once since its actually a disclosure of
any file on the system (e.g. /etc/shadown), and there is an existing
poc exploit:
http://vladz.devzero.fr/Xorg-CVE-2011-4029.txt
Best wishes,
Mike
Reply to: