Test ID:	1.3.6.1.4.1.25623.1.0.120267
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2012-104)
Summary:	The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the ALAS-2012-104 advisory.
Description:	Summary: The remote host is missing an update for the 'xorg-x11-server' package(s) announced via the ALAS-2012-104 advisory. Vulnerability Insight: A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack. (CVE-2011-4028) A race condition was found in the way the X.Org server managed temporary lock files. A local attacker could use this flaw to perform a symbolic link attack, allowing them to make an arbitrary file world readable, leading to the disclosure of sensitive information. (CVE-2011-4029) Affected Software/OS: 'xorg-x11-server' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4028 http://lists.freedesktop.org/archives/xorg/2011-October/053680.html RedHat Security Advisories: RHSA-2012:0939 http://rhn.redhat.com/errata/RHSA-2012-0939.html http://secunia.com/advisories/46460 http://secunia.com/advisories/49579 Common Vulnerability Exposure (CVE) ID: CVE-2011-4029
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.