Local Permission Escalation in X.Org X11 Font Server for Linux Distributions
CVE-2007-3103

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Fedora Core; Linux; Enterprise Linux Desktop; Enterprise Linux
Vendor: CVE Published:; 15 July 2007

Summary

The init.d script for the X.Org X11 font server on multiple Linux distributions is susceptible to a local user privilege escalation. This vulnerability can be exploited through a symlink attack targeting the /tmp/.font-unix temporary file, enabling unauthorized users to modify the permissions of arbitrary files. Such an exploit can lead to significant security risks within affected systems, allowing malicious actors to gain access to sensitive information or resources.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://secunia.com/advisories/35674

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/24888

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 15, 2007
Vulnerability Reserved
Jun 7, 2007