CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
9.7%
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
Vendor | Product | Version | CPE |
---|---|---|---|
xfree86_project | x11r6 | 3.3.3 | cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:* |
netbsd | netbsd | 1.3.2 | cpe:2.3:o:netbsd:netbsd:1.3.2:*:*:*:*:*:*:* |
netbsd | netbsd | 1.3.3 | cpe:2.3:o:netbsd:netbsd:1.3.3:*:*:*:*:*:*:* |
redhat | linux | 5.1 | cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:* |
redhat | linux | 5.2 | cpe:2.3:o:redhat:linux:5.2:*:i386:*:*:*:*:* |
slackware | slackware_linux | 3.3 | cpe:2.3:o:slackware:slackware_linux:3.3:*:*:*:*:*:*:* |
slackware | slackware_linux | 3.4 | cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:* |
slackware | slackware_linux | 3.5 | cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:* |
slackware | slackware_linux | 3.6 | cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:* |
slackware | slackware_linux | 4.0 | cpe:2.3:o:slackware:slackware_linux:4.0:*:*:*:*:*:*:* |