Bug 212166 - CVE-2006-5214 Xsession problems (CVE-2006-5215)
Summary: CVE-2006-5214 Xsession problems (CVE-2006-5215)
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Ben Levenson
URL:
Whiteboard: reported=20061010,source=cve,impact=l...
Depends On:
Blocks: CVE-2006-5214
TreeView+ depends on / blocked
 
Reported: 2006-10-25 14:07 UTC by Mark J. Cox
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-11-15 11:22:43 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Mark J. Cox 2006-10-25 14:07:28 UTC 
+++ This bug was initially created as a clone of Bug #210312 +++

Two issues in XFree86/xorg Xsession were reported and fixed upstream.  Both
relate to the handling of the xsession file.  

CVE-2006-5214: A local attacker could open for reading a users
~/.xsession-errors file if they are able to win a race during it's creation and
have sufficient privileges (+x) to the victims home directory already.

CVE-2006-5215: A local attacker could perform a temporary file attack on the
xsession error file created in /tmp and cause it to overwrite particular files
of the victim.  However this file is only created if the ability to create
~/.xsession-errors in the victims home directory fails, (something the attacker
has no control over).  The upstream Xsession code was different (and worse) than
our xinitrc code, but we should use mkstemp.

We've rated these issues as low severity and they can be deferred until a future
update for some other reason.

Affects: FC6, FC5
Note also affects xinitrc (bz#210311)
Comment 1 Mark J. Cox 2006-11-15 11:22:43 UTC 
kdebase (at least 3.5.5) just uses a symlink to xinit Xsession.
Note You need to log in before you can comment on or make changes to this bug.