CVE-2007-3103

EPSS 0.08%
Published 15.07.2007 22:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Core Version6.0

Redhat ≫ Enterprise Linux Version4.0 Editionas

Redhat ≫ Enterprise Linux Version4.0 Editiones

Redhat ≫ Enterprise Linux Version4.0 Editionws

Redhat ≫ Enterprise Linux Desktop Version4.0

Redhat ≫ Linux

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.204

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://bugs.gentoo.org/show_bug.cgi?id=185660

http://bugzilla.redhat.com/242903

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557

Patch

http://osvdb.org/40945

http://secunia.com/advisories/26056

Vendor Advisory

http://secunia.com/advisories/26081

Vendor Advisory

http://secunia.com/advisories/26282

Vendor Advisory

http://secunia.com/advisories/27240