The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 8.0 | 8.0 |
Debian_linux | Debian | 9.0 | 9.0 |
Debian_linux | Debian | 10.0 | 10.0 |
X11-common | Debian | * | * |