Computer Security
[EN] no-pyccku

XFS rc script race conditions
SecurityVulns ID:7933
Threat Level:
Description:Insecure usage of chown for temporary file allows to change ownersip of arbitrary file.
CVE:CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (13.07.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod