Debian Security Advisory

xfs -- symbolic link can be used to change file permissions

Date Reported:
31 Mar 1999
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 359.
In Mitre's CVE dictionary: CVE-1999-0434.
More information:
Some implementations of xfs incorrectly set the permissions of /tmp/.font-unix even if that location is a symbolic link to another file. Debian 2.1 (slink) is not vulnerable to this problem.

This ISS Security - X-Force Alerts - xfree86-xfs-symlink-dos page provides a good summary of the xfs vulnerability.

The vulnerability can be used to change the permissions of the /etc/shadow file, as shown in Neohapsis Archives (BugTraq) 1999 "bugs in xfs". The InDenial BugTraq Archives - 1999 Mar "bugs in xfs" shows the thread.