CVSS2: 6.2 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS: 0.0004 Low
EPSS Percentile: 0.4%

CentOS Errata and Security Advisory CESA-2007:0520

The X.Org X11 xfs font server provides a standard mechanism for an X server
to communicate with a font renderer.

A temporary file flaw was found in the way the X.Org X11 xfs font server
startup script executes. A local user could modify the permissions of a
file of their choosing, possibly elevating their local privileges.
(CVE-2007-3103)

Users of the X.Org X11 xfs font server should upgrade to these updated
packages, which contain a backported patch and are not vulnerable to this
issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-July/076191.html
https://lists.centos.org/pipermail/centos-announce/2007-July/076192.html
Affected packages:
xorg-x11-xfs
xorg-x11-xfs-utils
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0520
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | xorg-x11-xfs | < 1.0.2-4 | xorg-x11-xfs-1.0.2-4.i386.rpm |
CentOS | 5 | i386 | xorg-x11-xfs-utils | < 1.0.2-4 | xorg-x11-xfs-utils-1.0.2-4.i386.rpm |
CentOS | 5 | x86_64 | xorg-x11-xfs | < 1.0.2-4 | xorg-x11-xfs-1.0.2-4.x86_64.rpm |
CentOS | 5 | x86_64 | xorg-x11-xfs-utils | < 1.0.2-4 | xorg-x11-xfs-utils-1.0.2-4.x86_64.rpm |
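
To check a package inventory against the table above, the following added example (not part of the advisory) flags installs of the two affected packages older than 1.0.2-4. It assumes the inventory format shown in the comment and uses a simplified rpm-style version comparison that ignores epochs and tilde/caret markers; the sample inventory is constructed.

```python
import re

# Fixed version-release for each affected package, taken from the advisory table.
FIXED = {"xorg-x11-xfs": "1.0.2-4", "xorg-x11-xfs-utils": "1.0.2-4"}

def _segments(s):
    # Split into runs of digits or letters; separators are dropped, as rpm does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style compare of one version or release string: -1, 0, 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)             # numeric, so 10 sorts above 2
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings (neither part may contain '-')."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(inventory):
    """Return (name, version-release, arch) for installs older than the fix."""
    hits = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                          # skip malformed or empty lines
        name, vr, arch = parts
        if name in FIXED and evr_cmp(vr, FIXED[name]) < 0:
            hits.append((name, vr, arch))
    return hits

# Constructed sample, in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
xorg-x11-xfs 1.0.2-3.1 i386
xorg-x11-xfs-utils 1.0.2-4 i386
xorg-x11-server-Xorg 1.1.1-48 i386
xorg-x11-xfs 1.0.10-1 x86_64
"""

if __name__ == "__main__":
    for name, vr, arch in vulnerable(SAMPLE):
        print(f"VULNERABLE {name}-{vr}.{arch} (fixed in {FIXED[name]})")
```

The segment-wise numeric comparison matters here: a plain string comparison would wrongly rank 1.0.10 below 1.0.2.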