CVE-2011-4029

X.Org xserver <1.11.2 - Info Disclosure

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4029.

AI-analyzed exploit summary: This PoC exploits a race condition in Xorg (CVE-2011-4029) to change file permissions on arbitrary files (default: /etc/shadow) by manipulating symlinks and process signals. It uses inotify to detect file creation and SIGSTOP/SIGCONT to pause/resume the Xorg process during the vulnerable chmod operation.

Description

The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.

Exploits (1)

exploitdb · WORKING POC
c · local · linux
https://www.exploit-db.com/exploits/18040

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Complex
Reliability: Racy
Target: Xorg 1.4 to 1.11.2 (and earlier with USE_CHMOD)
No auth needed
Prerequisites: Access to a system with vulnerable Xorg · Ability to execute binaries · TTY access (on some configurations)
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Various Sources mailing-list x_refsource_mlist
http://lists.freedesktop.org/archives/xorg/2011-October/053680.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46460
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0939.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49579

Scores

EPSS 0.0087
EPSS Percentile 75.6%

Details

CWE: CWE-362
Status: published
Products (2):
x.org/x_server 1.11.0
x.org/x_server < 1.11.1
Published: Jul 03, 2012
Tracked Since: Feb 18, 2026