CVE-2007-3103
published 2007-07-15CVE-2007-3103: The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a…
PriorityP421medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
0.90%
55.2th percentile
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora_core | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
CVSS provenance
nvdv2.06.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
vendor_redhat6.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2007-07-11·CVSS 6.2
CVE-2007-3103 [MEDIUM] security flaw
security flaw
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
GHSA
GHSA-9vrx-rxrx-2pgp: The init
ghsa_unreviewed·2022-05-01
CVE-2007-3103 [MEDIUM] CWE-59 GHSA-9vrx-rxrx-2pgp: The init
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
No detection rules found.
Bugzilla
CVE-2007-3103 security flaw
bugzilla·2018-08-16·CVSS 6.2
CVE-2007-3103 [MEDIUM] CVE-2007-3103 security flaw
CVE-2007-3103 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
Bugzilla
CVE-2007-3103 init.d xfs script chown race condition vulnerability
bugzilla·2009-03-27·CVSS 6.2
CVE-2007-3103 [MEDIUM] CVE-2007-3103 init.d xfs script chown race condition vulnerability
CVE-2007-3103 init.d xfs script chown race condition vulnerability
+++ This bug was initially created as a clone of Bug #242903 +++
From iDefense:
Local exploitation of a race condition vulnerability in init.d XFS (X Font
Server) script allows an attacker to elevate their privileges to root.
The XFS script is vulnerable to a race condition when it is started by init, or
by a system administrator. Specifically, it insecurely changes the file
permissions of a temporary file. This allows an attacker to make any file on the
system world writable.
Successful exploitation of this vulnerability results in an attacker gaining
root privileges on the affected system. However, in order to exploit this, it is
necessary for either the system to be rebooted, or for the administrator to
manually res
Bugzilla
XFree86-xfs, xorg-x11-xfs: Unsafe usage of temporary file
bugzilla·2009-03-25·CVSS 6.2
[MEDIUM] XFree86-xfs, xorg-x11-xfs: Unsafe usage of temporary file
XFree86-xfs, xorg-x11-xfs: Unsafe usage of temporary file
A security flaw was found in the start() initscript of font server for XFree86/X.Org server. An attacker could use this flaw to cause
a symlink attack.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
https://bugs.launchpad.net/ubuntu/+source/xfs/+bug/299560
Discussion:
The Red Hat Security Response Team has rated this issue as having
low security impact, a future update may address this flaw.
More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
---
Doesn't apply to our xfs init script. The debian script tries to save the contents of a non-directory /tmp/.font-unix file if it exists, which is pretty stupid. The only reason that file would exists
Bugzilla
CVE-2007-3103 init.d xfs script chown race condition vulnerability
bugzilla·2007-06-06·CVSS 6.2
CVE-2007-3103 [MEDIUM] CVE-2007-3103 init.d xfs script chown race condition vulnerability
CVE-2007-3103 init.d xfs script chown race condition vulnerability
From iDefense:
Local exploitation of a race condition vulnerability in init.d XFS (X Font
Server) script allows an attacker to elevate their privileges to root.
The XFS script is vulnerable to a race condition when it is started by init, or
by a system administrator. Specifically, it insecurely changes the file
permissions of a temporary file. This allows an attacker to make any file on the
system world writable.
Successful exploitation of this vulnerability results in an attacker gaining
root privileges on the affected system. However, in order to exploit this, it is
necessary for either the system to be rebooted, or for the administrator to
manually restart the XFS.
Discussion:
removing embargo
---
An advisory has
Bugzilla
CVE-2007-3103 init.d xfs script chown race condition vulnerability
bugzilla·2007-06-06·CVSS 6.2
CVE-2007-3103 [MEDIUM] CVE-2007-3103 init.d xfs script chown race condition vulnerability
CVE-2007-3103 init.d xfs script chown race condition vulnerability
From iDefense:
Local exploitation of a race condition vulnerability in init.d XFS (X Font
Server) script allows an attacker to elevate their privileges to root.
The XFS script is vulnerable to a race condition when it is started by init, or
by a system administrator. Specifically, it insecurely changes the file
permissions of a temporary file. This allows an attacker to make any file on the
system world writable.
Successful exploitation of this vulnerability results in an attacker gaining
root privileges on the affected system. However, in order to exploit this, it is
necessary for either the system to be rebooted, or for the administrator to
manually restart the XFS.
Discussion:
Kristian,
Can you figure out where in
http://bugs.gentoo.org/show_bug.cgi?id=185660http://bugzilla.redhat.com/242903http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557http://osvdb.org/40945http://secunia.com/advisories/26056http://secunia.com/advisories/26081http://secunia.com/advisories/26282http://secunia.com/advisories/27240http://secunia.com/advisories/35674http://security.gentoo.org/glsa/glsa-200710-11.xmlhttp://www.debian.org/security/2007/dsa-1342http://www.redhat.com/support/errata/RHSA-2007-0519.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0520.htmlhttp://www.securityfocus.com/archive/1/473869/100/0/threadedhttp://www.securityfocus.com/bid/24888http://www.securitytracker.com/id?1018375https://exchange.xforce.ibmcloud.com/vulnerabilities/35375https://issues.rpath.com/browse/RPL-1485https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802https://www.exploit-db.com/exploits/5167https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.htmlhttp://bugs.gentoo.org/show_bug.cgi?id=185660http://bugzilla.redhat.com/242903http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557http://osvdb.org/40945http://secunia.com/advisories/26056http://secunia.com/advisories/26081http://secunia.com/advisories/26282http://secunia.com/advisories/27240http://secunia.com/advisories/35674http://security.gentoo.org/glsa/glsa-200710-11.xmlhttp://www.debian.org/security/2007/dsa-1342http://www.redhat.com/support/errata/RHSA-2007-0519.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0520.htmlhttp://www.securityfocus.com/archive/1/473869/100/0/threadedhttp://www.securityfocus.com/bid/24888http://www.securitytracker.com/id?1018375https://exchange.xforce.ibmcloud.com/vulnerabilities/35375https://issues.rpath.com/browse/RPL-1485https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802https://www.exploit-db.com/exploits/5167https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html
2007-07-15
Published