The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fedora_core | Fedoraproject | 6.0 (including) | 6.0 (including) |
Enterprise_linux | Redhat | 4.0 (including) | 4.0 (including) |
Enterprise_linux_desktop | Redhat | 4.0 (including) | 4.0 (including) |
Linux | Redhat | * | * |