ALAS-2012-104 --- xorg-x11-serverID: oval:org.secpod.oval:def:1601285 | Date: (C)2020-11-27 (M)2022-09-21 |
Class: PATCH | Family: unix |
A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information
Platform: |
Amazon Linux AMI |