CVE-2007-5958

medium

Description

X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

References

http://bugs.gentoo.org/show_bug.cgi?id=204362

http://docs.info.apple.com/article.html?artnum=307562

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

http://secunia.com/advisories/28273

http://secunia.com/advisories/28532

http://secunia.com/advisories/28535

http://secunia.com/advisories/28536

http://secunia.com/advisories/28539

http://secunia.com/advisories/28540

http://secunia.com/advisories/28542

http://secunia.com/advisories/28543

http://secunia.com/advisories/28550

http://secunia.com/advisories/28584

http://secunia.com/advisories/28592

http://secunia.com/advisories/28616

http://secunia.com/advisories/28718

http://secunia.com/advisories/28843

http://secunia.com/advisories/28885

http://secunia.com/advisories/28997

http://secunia.com/advisories/29420

http://secunia.com/advisories/29622

http://secunia.com/advisories/29707

http://secunia.com/advisories/30161

http://secunia.com/advisories/32545

http://security.gentoo.org/glsa/glsa-200801-09.xml

http://security.gentoo.org/glsa/glsa-200804-05.xml

http://securitytracker.com/id?1019232

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1

http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm

http://www.debian.org/security/2008/dsa-1466

http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

http://www.openbsd.org/errata41.html#012_xorg

http://www.openbsd.org/errata42.html#006_xorg

http://www.redhat.com/support/errata/RHSA-2008-0029.html

http://www.redhat.com/support/errata/RHSA-2008-0030.html

http://www.redhat.com/support/errata/RHSA-2008-0031.html

http://www.securityfocus.com/archive/1/487335/100/0/threaded

http://www.securityfocus.com/bid/27336

http://www.securityfocus.com/bid/27356

http://www.vupen.com/english/advisories/2008/0179

http://www.vupen.com/english/advisories/2008/0184

http://www.vupen.com/english/advisories/2008/0497/references

http://www.vupen.com/english/advisories/2008/0924/references

http://www.vupen.com/english/advisories/2008/3000

https://exchange.xforce.ibmcloud.com/vulnerabilities/39769

https://issues.rpath.com/browse/RPL-1970

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10991

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5393

https://usn.ubuntu.com/571-1/

https://www.exploit-db.com/exploits/5152

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html

Details

Source: MITRE

Published: 2008-01-18

Updated: 2018-10-15

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:x.org:xserver:*:*:*:*:*:*:*:* versions up to 1.4 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 130509 | Solaris 10 (sparc) : 125719-60 | Nessus | Solaris Local Security Checks | high |
| 107439 | Solaris 10 (sparc) : 125719-57 | Nessus | Solaris Local Security Checks | high |
| 107438 | Solaris 10 (sparc) : 125719-56 | Nessus | Solaris Local Security Checks | high |
| 107437 | Solaris 10 (sparc) : 125719-55 | Nessus | Solaris Local Security Checks | high |
| 107436 | Solaris 10 (sparc) : 125719-54 | Nessus | Solaris Local Security Checks | high |
| 107435 | Solaris 10 (sparc) : 125719-42 | Nessus | Solaris Local Security Checks | high |
| 67636 | Oracle Linux 5 : xorg-x11-server (ELSA-2008-0031) | Nessus | Oracle Linux Local Security Checks | high |
| 67635 | Oracle Linux 4 : xorg-x11 (ELSA-2008-0030) | Nessus | Oracle Linux Local Security Checks | high |
| 67634 | Oracle Linux 3 : XFree86 (ELSA-2008-0029) | Nessus | Oracle Linux Local Security Checks | high |
| 60349 | Scientific Linux Security Update : XFree86 on SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60348 | Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 60347 | Scientific Linux Security Update : xorg-x11 on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 43668 | CentOS 5 : xorg-x11-server (CESA-2008:0031) | Nessus | CentOS Local Security Checks | high |
| 43667 | CentOS 4 : xorg-x11 (CESA-2008:0030) | Nessus | CentOS Local Security Checks | high |
| 41183 | SuSE9 Security Update : XFree86-Xnest (YOU Patch Number 12043) | Nessus | SuSE Local Security Checks | high |
| 41182 | SuSE9 Security Update : XFree86-libs (YOU Patch Number 12040) | Nessus | SuSE Local Security Checks | high |
| 37710 | Mandriva Linux Security Advisory : x11-server-xgl (MDVSA-2008:025) | Nessus | Mandriva Local Security Checks | high |
| 37567 | Mandriva Linux Security Advisory : x11-server (MDVSA-2008:023) | Nessus | Mandriva Local Security Checks | high |
| 34738 | HP-UX PHSS_38840 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2) | Nessus | HP-UX Local Security Checks | high |
| 34737 | HP-UX PHSS_37972 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2) | Nessus | HP-UX Local Security Checks | high |
| 34736 | HP-UX PHSS_34392 : HP-UX Running Xserver, Remote Execution of Arbitrary Code (HPSBUX02381 SSRT080083 rev.2) | Nessus | HP-UX Local Security Checks | high |
| 31780 | SuSE 10 Security Update : Xgl (ZYPP Patch Number 5100) | Nessus | SuSE Local Security Checks | high |
| 31779 | openSUSE 10 Security Update : xgl (xgl-5099) | Nessus | SuSE Local Security Checks | high |
| 31605 | Mac OS X Multiple Vulnerabilities (Security Update 2008-002) | Nessus | MacOS X Local Security Checks | critical |
| 30088 | FreeBSD : xorg -- multiple vulnerabilities (fe2b6597-c9a4-11dc-8da8-0008a18a9961) | Nessus | FreeBSD Local Security Checks | high |
| 30076 | Fedora 7 : xorg-x11-server-1.3.0.0-15.fc7 (2008-0831) | Nessus | Fedora Local Security Checks | high |
| 30073 | Fedora 8 : xorg-x11-server-1.3.0.0-39.fc8 (2008-0760) | Nessus | Fedora Local Security Checks | high |
| 30059 | Debian DSA-1466-1 : xorg-server - several vulnerabilities | Nessus | Debian Local Security Checks | high |
| 30042 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : xorg-server regression (USN-571-2) | Nessus | Ubuntu Local Security Checks | high |
| 30041 | SuSE 10 Security Update : X11 libs and server (ZYPP Patch Number 4860) | Nessus | SuSE Local Security Checks | high |
| 30040 | SuSE 10 Security Update : xorg-x11-Xnest (ZYPP Patch Number 4875) | Nessus | SuSE Local Security Checks | high |
| 30033 | GLSA-200801-09 : X.Org X server and Xfont library: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 30022 | CentOS 3 : XFree86 (CESA-2008:0029) | Nessus | CentOS Local Security Checks | high |
| 30019 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxfont, xorg-server vulnerabilities (USN-571-1) | Nessus | Ubuntu Local Security Checks | high |
| 30017 | openSUSE 10 Security Update : xorg-x11-Xnest (xorg-x11-Xnest-4859) | Nessus | SuSE Local Security Checks | high |
| 30003 | RHEL 5 : xorg-x11-server (RHSA-2008:0031) | Nessus | Red Hat Local Security Checks | high |
| 30002 | RHEL 4 : xorg-x11 (RHSA-2008:0030) | Nessus | Red Hat Local Security Checks | high |
| 30001 | RHEL 2.1 / 3 : XFree86 (RHSA-2008:0029) | Nessus | Red Hat Local Security Checks | high |
| 26989 | Solaris 10 (sparc) : 125719-58 (deprecated) | Nessus | Solaris Local Security Checks | high |
| 23609 | Solaris 9 (x86) : 118908-06 | Nessus | Solaris Local Security Checks | high |