The following vulnerability in Xorg / XFree86 X servers has been reported to us:
I have found a small vulnerability on Xorg (tested on xorg-x11-server-Xorg version 1.1.1-48.13.el5) that can be exploited by a malicious user to disclose the existence of files in directories not accessible by the user. By looking at the error messages returned when supplying an arbitrary file or directory in the "X :1 -sp <file>" command, a malicious user can identify the existence of files and directories in access-restricted directories. If the user receives an "error opening security policy file <file>" message, the file/directory is not present on the system. However, if a "<file>: invalid security policy file version, ignoring file" error message is returned, the file/directory is present on the system.
Created attachment 288001: cve-2007-5958.patch
Simple fix, just issue the same error message no matter what the failure mode is. No upstream bug yet. Should I file one?
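The two error paths quoted in the report, next to the uniform-message approach this comment describes, as an added C sketch (not code from the X server or from the attached patch). The function names, the `version-1` header check and the message-buffer interface are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define POLICY_VERSION "version-1" /* assumed header line for this sketch */
enum { POLICY_OK, POLICY_OPEN_FAILED, POLICY_BAD_VERSION };

/* Opens path and compares its first line with the expected version. */
static int check_policy(const char *path)
{
    char line[64] = "";
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return POLICY_OPEN_FAILED;
    if (fgets(line, sizeof line, f) == NULL) /* empty file or a directory */
        line[0] = '\0';
    fclose(f);
    line[strcspn(line, "\r\n")] = '\0';
    return strcmp(line, POLICY_VERSION) == 0 ? POLICY_OK : POLICY_BAD_VERSION;
}

/* Before: the two messages quoted in the report, one per failure mode. */
int load_policy_leaky(const char *path, char *msg, size_t n)
{
    int rc = check_policy(path);
    msg[0] = '\0';
    if (rc == POLICY_OPEN_FAILED)
        snprintf(msg, n, "error opening security policy file %s", path);
    else if (rc == POLICY_BAD_VERSION)
        snprintf(msg, n, "%s: invalid security policy file version, ignoring file", path);
    return rc == POLICY_OK ? 0 : -1;
}

/* After: one message whatever the failure mode, so the text carries no signal. */
int load_policy_uniform(const char *path, char *msg, size_t n)
{
    int rc = check_policy(path);
    msg[0] = '\0';
    if (rc != POLICY_OK)
        snprintf(msg, n, "error opening security policy file %s", path);
    return rc == POLICY_OK ? 0 : -1;
}

int main(int argc, char **argv)
{
    char msg[512];
    if (argc > 1 && load_policy_uniform(argv[1], msg, sizeof msg) != 0)
        fprintf(stderr, "%s\n", msg);
    return 0;
}
```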
(In reply to comment #4)
> No upstream bug yet. Should I file one?
Yes, feel free to do so while respecting current embargo dates.
Created attachment 290666: Alternate patch proposed by Matthieu Herrb
Uses Fopen (fopen that drops privileges) and Fclose.
Verified the patch of comment #9 was included in xorg-x11-6.8.2-1.EL.33.0.1.src.rpm.
Lifting embargo: http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
xorg-x11-server-1.3.0.0-39.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xorg-x11-server-1.3.0.0-15.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0031.html
  http://rhn.redhat.com/errata/RHSA-2008-0030.html
  http://rhn.redhat.com/errata/RHSA-2008-0029.html
Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0831
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0760