Xorg: Two vulnerabilities (CVE-2011-4028 and CVE-2011-4029)

Tue, 18 Oct 2011 20:25:44 +0200
Tags: security

I recently discovered two vulnerabilities in the X server Xorg. The first one is a file existence disclosure flaw (CVE-2011-4028) and the second one is a file permission change vulnerability (CVE-2011-4029):

Here is the associated exploit (it uses Inotify, process priority, X wrapper permission bypass, etc.):

Related links on the subject:

(Updated the 20/03/2012) Those vulnerabilities were covered in the french magazine MISC number 60.

MISC 60

MISC 60