Oracle Solaris Third-Party Patch Update : xorg (cve_2011_4028_information_disclosure)
Low Nessus Plugin ID 80818
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to determine the existence of arbitrary files via a symlink attack on a temporary lock file, which is handled differently if the file exists. (CVE-2011-4028)
- The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. (CVE-2011-4029)
SolutionUpgrade to Solaris 11/11 SRU 6.6.