A security flaw was found in the start() initscript of font server for XFree86/X.Org server. An attacker could use this flaw to cause a symlink attack. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107 https://bugs.launchpad.net/ubuntu/+source/xfs/+bug/299560
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Doesn't apply to our xfs init script. The debian script tries to save the contents of a non-directory /tmp/.font-unix file if it exists, which is pretty stupid. The only reason that file would exists would be an exploit attempt. We just delete it if it's not a directory.
See also bug #242903.
(In reply to comment #4) > See also bug #242903. Right, this indeed looks like Debian specific. Our init script issues were addressed via CVE-2007-3103. The only question that remains is why that issue is not fixed in Fedora? We seem to have changed init script in Red Hat Enterprise Linux 4 and 5 to not do chmod/chown, but that change did not make it to Fedora...