X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X_file_explorer | X_file_explorer_project | 1.32.5 (including) | 1.32.5 (including) |
| Xfe | Ubuntu | artful | * |
| Xfe | Ubuntu | lucid | * |
| Xfe | Ubuntu | precise | * |
| Xfe | Ubuntu | quantal | * |
| Xfe | Ubuntu | saucy | * |
| Xfe | Ubuntu | trusty | * |
| Xfe | Ubuntu | utopic | * |
| Xfe | Ubuntu | vivid | * |
| Xfe | Ubuntu | wily | * |
| Xfe | Ubuntu | yakkety | * |
| Xfe | Ubuntu | zesty | * |
References
- http://www.openwall.com/lists/oss-security/2014/02/24/5
- http://www.securityfocus.com/bid/65748
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536
- https://bugzilla.redhat.com/show_bug.cgi?id=1069066
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91519
- http://www.openwall.com/lists/oss-security/2014/02/24/5
- http://www.securityfocus.com/bid/65748
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739536
- https://bugzilla.redhat.com/show_bug.cgi?id=1069066
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91519