CVE-2007-3103

EPSS 0.08%
Veröffentlicht 15.07.2007 22:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Core Version6.0

Redhat ≫ Enterprise Linux Version4.0 Editionas

Redhat ≫ Enterprise Linux Version4.0 Editiones

Redhat ≫ Enterprise Linux Version4.0 Editionws

Redhat ≫ Enterprise Linux Desktop Version4.0

Redhat ≫ Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.204

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://bugs.gentoo.org/show_bug.cgi?id=185660

http://bugzilla.redhat.com/242903

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557

Patch

http://osvdb.org/40945

http://secunia.com/advisories/26056

Vendor Advisory

http://secunia.com/advisories/26081

Vendor Advisory

http://secunia.com/advisories/26282

Vendor Advisory

http://secunia.com/advisories/27240