Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

XFS rc script race conditions
Published: 13.07.2007
Source: BUGTRAQ
SecurityVulns ID: 7933
Type: local
Level: 6/10
Description: Insecure usage of chown for temporary file allows to change ownersip of arbitrary file.

CVE: CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.)

Original document IDEFENSE, iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (13.07.2007)

Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)