
Bug 210312

Summary: CVE-2006-5214 Xsession problems (CVE-2006-5215)
Product: Red Hat Enterprise Linux 4
Reporter: Mark J. Cox <mjc>
Component: kdebase
Assignee: Than Ngo <than>
Status: CLOSED NOTABUG
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: 4.0
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: reported=20061010,source=cve,impact=low,public=20060212,versions=2.1AS:3:4
Doc Type: Bug Fix
Last Closed: 2007-02-26 16:00:09 UTC
Bug Blocks: 230007, 230008

Description Mark J. Cox 2006-10-11 14:31:09 UTC
Two issues in XFree86/xorg Xsession were reported and fixed upstream. Both relate to the handling of the xsession file.

CVE-2006-5214: A local attacker could open for reading a user's ~/.xsession-errors file if they are able to win a race during its creation and already have sufficient privileges (+x) to the victim's home directory.

CVE-2006-5215: A local attacker could perform a temporary file attack on the xsession error file created in /tmp and cause it to overwrite particular files of the victim. However, this file is only created if creating ~/.xsession-errors in the victim's home directory fails (something the attacker has no control over). The upstream Xsession code was different (and worse) than our xinitrc code, but we should use mkstemp.

We've rated these issues as low severity and they can be deferred until a future update for some other reason.

Affects: RHEL4, RHEL3, RHEL2.1
Note also affects xinitrc (bz#210311)
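The hardened pattern the report asks for, as an added shell example that is not the Xsession or xinitrc code from the bug and not Red Hat's fix: the error log is created privately (mode 0600, O_EXCL) so neither the read race of CVE-2006-5214 nor a planted symlink can be exploited, and the /tmp fallback is created by mktemp(1) instead of a fixed name, which is the shell equivalent of the mkstemp call mentioned above. The function names, the XSES_DEMO variable and the xses- template are assumptions of this example; it assumes a POSIX sh and an mktemp that takes a template.

```sh
#!/bin/sh
# Added example (not the Xsession/xinitrc code from the bug): create the X
# session error log without the two weaknesses described in the report.
#   - the file is created with mode 0600 (umask 077) by the same open() that
#     creates it, so there is no window in which another local user can read it;
#   - the create uses O_EXCL (shell noclobber, "set -C"), so a file or symlink
#     that someone else placed at the path is never followed or overwritten;
#   - the /tmp fallback is created by mktemp(1) with an unpredictable name
#     and mode 0600, instead of a fixed, guessable name.
# Assumes a POSIX sh and an mktemp(1) that accepts a template argument.

# Print the path of a freshly created $1/.xsession-errors, or return 1.
make_errfile_home() {
    errfile="$1/.xsession-errors"
    # Drop whatever is there now (a stale log, or a planted symlink); -f keeps
    # this quiet when nothing exists. If something is re-planted between the
    # rm and the redirection, noclobber makes the open fail closed instead of
    # following a link: the rm/create pair is not atomic, but it cannot be
    # turned into an overwrite of another file.
    rm -f "$errfile" 2>/dev/null
    (umask 077; set -C; : > "$errfile") 2>/dev/null || return 1
    # Defence in depth: only accept a regular, non-symlink file.
    [ -f "$errfile" ] && [ ! -L "$errfile" ] || return 1
    printf '%s\n' "$errfile"
}

# Fallback when the home directory is not writable: mktemp picks a random
# suffix and creates the file with mode 0600, so no name can be guessed and
# pre-created by another user. $1 is the user name (template is hypothetical).
make_errfile_tmp() {
    mktemp "${TMPDIR:-/tmp}/xses-$1.XXXXXX" 2>/dev/null
}

# Pick the error file for home directory $1 and user name $2.
choose_errfile() {
    make_errfile_home "$1" || make_errfile_tmp "$2"
}

# Permission string of a path ("-rw-------" for a private regular file),
# read from ls so it works on any POSIX system (no GNU stat needed).
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Stand-alone demo: only runs when XSES_DEMO=1 so sourcing this file has no
# side effects. A real Xsession would follow this with: exec >"$errfile" 2>&1
if [ "${XSES_DEMO:-}" = 1 ]; then
    errfile=$(choose_errfile "$HOME" "$(id -un)") || exit 1
    echo "session errors go to $errfile ($(perm_of "$errfile"))"
fi
```

Run it with XSES_DEMO=1 sh xsession-errfile.sh to see which path is chosen for the current user. The check that matters for CVE-2006-5214 is the permission string: because umask 077 is applied in the subshell that creates the file, there is never a moment when the log is world-readable, whereas creating it with the default umask and chmod'ing afterwards leaves exactly the window the report describes. For CVE-2006-5215 the point is that mktemp's name is not predictable, so the file in /tmp cannot be pre-placed as a symlink to something the victim owns.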

Comment 1 Than Ngo 2007-02-26 16:00:09 UTC
Mark, the kdebase package only includes the symlinks to Xsession scripts in
xinitrc. It's not affected in kdebase.