Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в X.Org
Опубликовано:20 октября 2011 г.
Источник:
SecurityVulns ID:11984
Тип:локальная
Уровень опасности:
6/10
Описание:Повреждение памяти, проблемы при создании лок-файла.
Затронутые продукты:XORG : X11 7.6
CVE:CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.)
 CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists.)
 CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw.")
 CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted length or (3) a negative value in the screen field in a request to glx/glxcmds.c.)
Оригинальный текстdocumentUBUNTU, [USN-1232-1] X.Org X server vulnerabilities (20.10.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород