Vulnerability Description
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora Core | 6.0 |
| Redhat | Enterprise Linux | 4.0 |
| Redhat | Enterprise Linux Desktop | 4.0 |
| Redhat | Linux | All versions |
References
- http://bugs.gentoo.org/show_bug.cgi?id=185660
- http://bugzilla.redhat.com/242903
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557 (Patch)
- http://osvdb.org/40945
- http://secunia.com/advisories/26056 (Vendor Advisory)
- http://secunia.com/advisories/26081 (Vendor Advisory)
- http://secunia.com/advisories/26282 (Vendor Advisory)
- http://secunia.com/advisories/27240 (Vendor Advisory)
- http://secunia.com/advisories/35674 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200710-11.xml
- http://www.debian.org/security/2007/dsa-1342
- http://www.redhat.com/support/errata/RHSA-2007-0519.html
- http://www.redhat.com/support/errata/RHSA-2007-0520.html
- http://www.securityfocus.com/archive/1/473869/100/0/threaded
- http://www.securityfocus.com/bid/24888
FAQ
What is CVE-2007-3103?
CVE-2007-3103 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temp...
How severe is CVE-2007-3103?
CVE-2007-3103 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3103?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora Core, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Linux.