Computer Security

XFS rc script race conditions
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



XFS rc script race conditions
Published:13.07.2007
Source:BUGTRAQ
SecurityVulns ID:7933
Type:local
Level:6/10
Description:Insecure usage of chown for temporary file allows to change ownersip of arbitrary file.
CVE:CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (13.07.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru