CVE-2007-3103

Status Candidate

Overview

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Related Files

Gentoo Linux Security Advisory 200710-11
Posted Oct 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.

tags | advisory, overflow, protocol
systems | linux, gentoo
advisories | CVE-2007-3103, CVE-2007-4568, CVE-2007-4990
SHA-256 | 511f463b3188bb6e41c1e0acef1a8578132acf147999f05fdb2f1f68b185056e

Debian Linux Security Advisory 1342-1
Posted Jul 31, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1342-1 - It was discovered that a race condition in the init.d script of the X Font Server allows the modification of file permissions of arbitrary files if the local administrator can be tricked into restarting the X font server.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2007-3103
SHA-256 | 74f07a9a1e40524a44f01816569d7cd3125eb33ab433f9b3200ad7ccf0f74ee3

iDEFENSE Security Advisory 2007-07-12.1
Posted Jul 13, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 07.12.07 - Local exploitation of a race condition vulnerability in Red Hat Inc.'s Enterprise Linux init.d XFS script allows an attacker to elevate their privileges to root. iDefense has confirmed the existence of this vulnerability in Red Hat Enterprise Linux version 4, and Fedora Core 6. Other versions may also be affected.

tags | advisory, local, root
systems | linux, redhat, fedora
advisories | CVE-2007-3103
SHA-256 | 2666c40511f0350e401c36cdc9f97d433ab4c36b57b8e529c7c0a2a02b5b980c

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close