CVE-2011-4029 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2011-4029 Interim 1 17 2023-06-02T01:42:55Z current 2021-05-30T13:00:20Z 2023-06-02T01:42:55Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2011-4029 The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00002.html E-Mail link for SUSE-SU-2011:1292-1 https://lists.suse.com/pipermail/sle-security-updates/2012-May/000117.html E-Mail link for SUSE-SU-2012:0640-1 https://lists.suse.com/pipermail/sle-security-updates/2012-May/000121.html E-Mail link for SUSE-SU-2012:0644-1 https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00008.html E-Mail link for openSUSE-SU-2012:0227-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1-TERADATA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP4 xorg-x11-Xvnc-7.4-27.105.1 xorg-x11-Xvnc-7.4-27.40.52.1 xorg-x11-Xvnc-7.4-27.60.5 xorg-x11-Xvnc-7.4-27.81.7 xorg-x11-server-7.4-27.105.1 xorg-x11-server-7.4-27.40.52.1 xorg-x11-server-7.4-27.60.5 xorg-x11-server-7.4-27.81.7 xorg-x11-server-dmx-7.3.99-17.11.1 xorg-x11-server-extra-7.4-27.105.1 xorg-x11-server-extra-7.4-27.40.52.1 xorg-x11-server-extra-7.4-27.60.5 xorg-x11-server-extra-7.4-27.81.7 xorg-x11-server-rdp-7.3.99-3.18.2 xorg-x11-server-rdp-7.3.99-3.20.1 xorg-x11-server-rdp-7.3.99-3.22.1 xorg-x11-server-sdk-7.4-27.105.1 xorg-x11-server-rdp-7.3.99-3.18.2 as a component of SUSE Linux Enterprise Desktop 11 SP2 xorg-x11-Xvnc-7.4-27.40.52.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xorg-x11-server-7.4-27.40.52.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xorg-x11-server-dmx-7.3.99-17.11.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xorg-x11-server-extra-7.4-27.40.52.1 as a component of SUSE Linux Enterprise Server 11 SP1-TERADATA xorg-x11-Xvnc-7.4-27.60.5 as a component of SUSE Linux Enterprise Server 11 SP2 xorg-x11-server-7.4-27.60.5 as a component of SUSE Linux Enterprise Server 11 SP2 xorg-x11-server-extra-7.4-27.60.5 as a component of SUSE Linux Enterprise Server 11 SP2 xorg-x11-server-rdp-7.3.99-3.18.2 as a component of SUSE Linux Enterprise Server 11 SP2 xorg-x11-Xvnc-7.4-27.81.7 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-server-7.4-27.81.7 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-server-dmx-7.3.99-17.11.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-server-extra-7.4-27.81.7 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-server-rdp-7.3.99-3.20.1 as a component of SUSE Linux Enterprise Server 11 SP3 xorg-x11-Xvnc-7.4-27.105.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-server-7.4-27.105.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-server-dmx-7.3.99-17.11.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-server-extra-7.4-27.105.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-server-rdp-7.3.99-3.22.1 as a component of SUSE Linux Enterprise Server 11 SP4 xorg-x11-server-rdp-7.3.99-3.18.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP2 xorg-x11-server-sdk-7.4-27.105.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file. CVE-2011-4029 SUSE Linux Enterprise Desktop 11 SP2:xorg-x11-server-rdp-7.3.99-3.18.2 SUSE Linux Enterprise Server 11 SP1-TERADATA:xorg-x11-Xvnc-7.4-27.40.52.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xorg-x11-server-7.4-27.40.52.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xorg-x11-server-dmx-7.3.99-17.11.1 SUSE Linux Enterprise Server 11 SP1-TERADATA:xorg-x11-server-extra-7.4-27.40.52.1 SUSE Linux Enterprise Server 11 SP2:xorg-x11-Xvnc-7.4-27.60.5 SUSE Linux Enterprise Server 11 SP2:xorg-x11-server-7.4-27.60.5 SUSE Linux Enterprise Server 11 SP2:xorg-x11-server-extra-7.4-27.60.5 SUSE Linux Enterprise Server 11 SP2:xorg-x11-server-rdp-7.3.99-3.18.2 SUSE Linux Enterprise Server 11 SP3:xorg-x11-Xvnc-7.4-27.81.7 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-7.4-27.81.7 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-dmx-7.3.99-17.11.1 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-extra-7.4-27.81.7 SUSE Linux Enterprise Server 11 SP3:xorg-x11-server-rdp-7.3.99-3.20.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-Xvnc-7.4-27.105.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-server-7.4-27.105.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-server-dmx-7.3.99-17.11.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-server-extra-7.4-27.105.1 SUSE Linux Enterprise Server 11 SP4:xorg-x11-server-rdp-7.3.99-3.22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP2:xorg-x11-server-rdp-7.3.99-3.18.2 SUSE Linux Enterprise Software Development Kit 11 SP4:xorg-x11-server-sdk-7.4-27.105.1 low 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N