Computer Security
[EN] securityvulns.ru no-pyccku


XFS rc script race conditions
Published:13.07.2007
Source:
SecurityVulns ID:7933
Type:local
Threat Level:
6/10
Description:Insecure usage of chown for temporary file allows to change ownersip of arbitrary file.
CVE:CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (13.07.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod