what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2007-3103

Status Candidate

Overview

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Related Files

Gentoo Linux Security Advisory 200710-11
Posted Oct 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.

tags | advisory, overflow, protocol
systems | linux, gentoo
advisories | CVE-2007-3103, CVE-2007-4568, CVE-2007-4990
SHA-256 | 511f463b3188bb6e41c1e0acef1a8578132acf147999f05fdb2f1f68b185056e
Debian Linux Security Advisory 1342-1
Posted Jul 31, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1342-1 - It was discovered that a race condition in the init.d script of the X Font Server allows the modification of file permissions of arbitrary files if the local administrator can be tricked into restarting the X font server.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2007-3103
SHA-256 | 74f07a9a1e40524a44f01816569d7cd3125eb33ab433f9b3200ad7ccf0f74ee3
iDEFENSE Security Advisory 2007-07-12.1
Posted Jul 13, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.12.07 - Local exploitation of a race condition vulnerability in Red Hat Inc.'s Enterprise Linux init.d XFS script allows an attacker to elevate their privileges to root. iDefense has confirmed the existence of this vulnerability in Red Hat Enterprise Linux version 4, and Fedora Core 6. Other versions may also be affected.

tags | advisory, local, root
systems | linux, redhat, fedora
advisories | CVE-2007-3103
SHA-256 | 2666c40511f0350e401c36cdc9f97d433ab4c36b57b8e529c7c0a2a02b5b980c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close