Bug 391841 - (CVE-2007-5958) CVE-2007-5958 Xorg / XFree86 file existence disclosure vulnerability
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
source=secalert,reported=20071119,pub...
Keywords: Security
Depends On: 419451 419461 419481 419501 419521 419531 429125 429126 429127
Reported: 2007-11-20 05:17 EST by Tomas Hoger
Modified: 2016-06-17 17:13 EDT
Fixed In Version: 1.3.0.0-39.fc8
Doc Type: Bug Fix
Last Closed: 2008-01-22 10:31:45 EST


Attachments
cve-2007-5958.patch (1.30 KB, patch)
2007-12-13 16:16 EST, Adam Jackson
Alternate patch proposed by Matthieu Herrb (657 bytes, patch)
2008-01-02 10:46 EST, Tomas Hoger

Comment 2 Tomas Hoger 2007-11-20 09:59:13 EST
The following vulnerability in Xorg / XFree86 X servers has been reported to us:

I have found a small vulnerability on Xorg (tested on xorg-x11-server-Xorg
version 1.1.1-48.13.el5) that can be exploited by a malicious user to disclose
the existence of files in directories not accessible by the user.

By looking at the error messages returned when supplying an arbitrary file or
directory in the "X :1 -sp <file>" command, a malicious user can identify the
existence of files and directories in access-restricted directories.
If the user receives an "error opening security policy file <file>" the
file/directory is not present on the system.
However, if a "<file>: invalid security policy file version, ignoring file"
error message is returned, the file/directory is present on the system.

Comment 4 Adam Jackson 2007-12-13 16:16:46 EST
Created attachment 288001
cve-2007-5958.patch

Simple fix, just issue the same error message no matter what the failure mode
is.

No upstream bug yet.  Should I file one?

Comment 5 Tomas Hoger 2007-12-14 03:57:33 EST
(In reply to comment #4)
> No upstream bug yet.  Should I file one?

Yes, feel free to do so while respecting current embargo dates.

Comment 9 Tomas Hoger 2008-01-02 10:46:18 EST
Created attachment 290666
Alternate patch proposed by Matthieu Herrb

Uses Fopen (fopen that drops privileges) and Fclose.
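
The two fixes discussed in comments 4 and 9, sketched as an added C example that is not taken from either attached patch or from Xorg: `load_policy_leaky` reproduces the reported behaviour, and `load_policy_hardened` opens the file as the invoking user and reports every failure identically. The function names, the `version-1` header line and the simplified `open_as_real_user` helper are assumptions made for illustration.

```c
/* Constructed sketch of the bug class; not Xorg source. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define POLICY_VERSION "version-1"  /* assumed header line */
#define GENERIC_ERR "error opening security policy file %s"
/* Stand-in for a privilege-dropping fopen: open as the real (invoking) user,
 * then restore the effective uid; fail closed if it cannot be restored. */
static FILE *open_as_real_user(const char *path) {
    uid_t saved = geteuid();
    if (seteuid(getuid()) != 0) return NULL;
    FILE *f = fopen(path, "r");
    if (seteuid(saved) != 0 && f) {
        fclose(f);
        f = NULL;
    }
    return f;
}

static int has_valid_version(FILE *f) {
    char line[64];
    return f && fgets(line, sizeof line, f) &&
           strncmp(line, POLICY_VERSION, strlen(POLICY_VERSION)) == 0;
}

/* Before: privileged open, distinct message per failure mode. */
int load_policy_leaky(const char *path, char *msg, size_t n) {
    FILE *f = fopen(path, "r");
    if (!f) {
        snprintf(msg, n, GENERIC_ERR, path);
        return -1;
    }
    int ok = has_valid_version(f);
    fclose(f);
    if (!ok)
        snprintf(msg, n, "%s: invalid security policy file version, ignoring file", path);
    return ok ? 0 : -1;
}

/* After: open as the caller, one message for every failure. */
int load_policy_hardened(const char *path, char *msg, size_t n) {
    FILE *f = open_as_real_user(path);
    int ok = has_valid_version(f);
    if (f) fclose(f);
    if (!ok) snprintf(msg, n, GENERIC_ERR, path);
    return ok ? 0 : -1;
}
```

With the uniform message alone, a setuid binary still opens the path with elevated privileges; opening as the real user removes that access as well.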

Comment 12 Yan Tian 2008-01-15 03:51:59 EST
Verified the patch of comment #9 was included in xorg-x11-6.8.2-1.EL.33.0.1.src.rpm.

Comment 16 Josh Bressers 2008-01-17 09:41:53 EST
Lifting embargo:
http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

Comment 18 Fedora Update System 2008-01-22 10:31:34 EST
xorg-x11-server-1.3.0.0-39.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2008-01-22 10:49:05 EST
xorg-x11-server-1.3.0.0-15.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
