// For flags

CVE-2007-3103

X.Org xorg-x11-xfs 1.0.2-3.1 - Local Race Condition

Severity Score

6.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

El script init.d para el servidor de fuentes xfs de X.Org X11 en varias distribuciones de Linux podrĂ­a permitir a los usuarios locales cambiar los permisos de archivos arbitrarios por medio de un ataque de tipo symlink en el archivo temporal /tmp/.font-unix.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-06-07 CVE Reserved
  • 2007-07-13 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (24)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=185660 X_refsource_confirm
http://bugzilla.redhat.com/242903 X_refsource_confirm
http://osvdb.org/40945 Vdb Entry
http://www.securityfocus.com/archive/1/473869/100/0/threaded Mailing List
http://www.securityfocus.com/bid/24888 Vdb Entry
http://www.securitytracker.com/id?1018375 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/35375 Vdb Entry
https://issues.rpath.com/browse/RPL-1485 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10802 Signature
URL Date SRC
https://www.exploit-db.com/exploits/5167 2024-08-07
URL Date SRC
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557 2018-10-16
URL Date SRC
http://secunia.com/advisories/26056 2018-10-16
http://secunia.com/advisories/26081 2018-10-16
http://secunia.com/advisories/26282 2018-10-16
http://secunia.com/advisories/27240 2018-10-16
http://secunia.com/advisories/35674 2018-10-16
http://security.gentoo.org/glsa/glsa-200710-11.xml 2018-10-16
http://www.debian.org/security/2007/dsa-1342 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0519.html 2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0520.html 2018-10-16
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00095.html 2018-10-16
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00096.html 2018-10-16
https://access.redhat.com/security/cve/CVE-2007-3103 2007-07-12
https://bugzilla.redhat.com/show_bug.cgi?id=1618310 2007-07-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fedoraproject
Search vendor "Fedoraproject"
 Fedora Core
Search vendor "Fedoraproject" for product "Fedora Core"
 6.0
Search vendor "Fedoraproject" for product "Fedora Core" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 4.0
Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"
as
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 4.0
Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"
es
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 4.0
Search vendor "Redhat" for product "Enterprise Linux" and version "4.0"
ws
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 4.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "4.0"
-
Affected
Redhat
Search vendor "Redhat"
 Linux
Search vendor "Redhat" for product "Linux"
*-
Affected