Debian Security Advisory
XFree86 -- symbolic link can be used to make any file world readable
- Date Reported:
- 31 Mar 1999
- Affected Packages:
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 326.
In Mitre's CVE dictionary: CVE-1999-0433.
- More information:
- Some versions of the X windowing system will make
/tmp/.X11-unix world readable, even if that location is a symbolic
another file on the system. Debian 2.1 (slink) is not affected by this
It appears that the bug was originally reported for a NetBSD system on Packetstorm - March 1999 exploits, the page has a reference showing that Linux is also vulnerable. Additionally, SUSE Security Announcement for this vulnerability is available on this BugTraq list - 1999 Mar (0216) page.