Vulnerability CVE-2007-3103


Published: 2007-07-15   Modified: 2012-02-12

Description:
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))

Vendor: Fedoraproject
Product: Fedora core 
Version: 6.0;
Vendor: Redhat
Product: Enterprise linux desktop 
Version: 4.0;
Product: Enterprise linux 
Version: 4.0;
Product: Linux 

CVSS2 => (AV:L/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.2/10
10/10
1.9/10
Exploit range
Attack complexity
Authentication
Local
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://bugs.gentoo.org/show_bug.cgi?id=185660
http://bugzilla.redhat.com/242903
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557
http://security.gentoo.org/glsa/glsa-200710-11.xml
http://www.debian.org/security/2007/dsa-1342
http://www.redhat.com/support/errata/RHSA-2007-0519.html
http://www.redhat.com/support/errata/RHSA-2007-0520.html
http://www.securityfocus.com/archive/1/473869/100/0/threaded
http://www.securityfocus.com/bid/24888
http://www.securitytracker.com/id?1018375
https://exchange.xforce.ibmcloud.com/vulnerabilities/35375
https://issues.rpath.com/browse/RPL-1485
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802
https://www.exploit-db.com/exploits/5167
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html

Related CVE
CVE-2019-13314
virt-bootstrap 1.1.0 allows local users to discover a root password by listing a process, because this password may be present in the --root-password option to virt_bootstrap.py.
CVE-2019-10183
Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the s...
CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to...
CVE-2019-10136
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity witho...
CVE-2019-10177
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute a XSS attac...
CVE-2019-10164
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often su...
CVE-2019-3896
A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS).
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...

Copyright 2019, cxsecurity.com

 

Back to Top