CVE-2007-5958

Description

X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.

How to fix CVE-2007-5958

To remediate CVE-2007-5958, upgrade the affected package to a fixed version below.

• Debian/xorg-server—upgrade to 2:1.4.1~git20080105-2 or later

Is CVE-2007-5958 being exploited?

Low — EPSS is 3.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2:1.4.1~git20080105-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-5958