CVE-2007-5958

X.Org Xserver <1.4.1 - Info Disclosure

Title source: llm

Description

X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

Exploits (1)

exploitdb WORKING POC VERIFIED

by vl4dZ · bashdosmultiple

https://www.exploit-db.com/exploits/5152

View Code ZIP pw:eip

References (61)

[Issue Tracking] https://issues.rpath.com/browse/RPL-1970

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=204362

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=307562

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321

[Mailing List] http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

[Various Sources] http://lists.freedesktop.org/archives/xorg/2008-January/031918.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html

[Patch] http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-230901-1

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-084.htm

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:021

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:022

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:023

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:025

[Various Sources] http://www.openbsd.org/errata41.html#012_xorg

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0029.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0030.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0031.html

... and 41 more

Scores

EPSS 0.0360

EPSS Percentile 87.8%

Details

CWE

CWE-200

Status published

Products (1)

x.org/xserver < 1.4

Published Jan 18, 2008

Tracked Since Feb 18, 2026