This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201110-19
(X.Org X Server: Multiple vulnerabilities)
vladz reported the following vulnerabilities in the X.Org X server:
The X.Org X server follows symbolic links when trying to access the
lock file for a X display, showing a predictable behavior depending on
the file type of the link target (CVE-2011-4028).
The X.Org X server lock file mechanism allows for a race condition to
cause the X server to modify the file permissions of an arbitrary file
to 0444 (CVE-2011-4029).
A local attacker could exploit these vulnerabilities to disclose
information by making arbitrary files on a system world-readable or gain
information whether a specified file exists on the system and whether it
is a file, directory, or a named pipe.
There is no known workaround at this time.
See also :
All X.Org X Server 1.9 users should upgrade to the latest 1.9 version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.9.5-r1'
All X.Org X Server 1.10 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-base/xorg-server-1.10.4-r1'
Risk factor :
Low / CVSS Base Score : 1.9
CVSS Temporal Score : 1.4
Public Exploit Available : false
Family: Gentoo Local Security Checks
Nessus Plugin ID: 56594 ()
CVE ID: CVE-2011-4028CVE-2011-4029
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.