CVE-1999-0433

Description

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Affected products

• NetBSD / netbsd1.3.2 – 1.3.2
• NetBSD / netbsd1.3.3 – 1.3.3
• RedHat / linux5.1 – 5.1
• RedHat / linux5.2 – 5.2
• slackware / slackware_linux4.0 – 4.0
• slackware / slackware_linux3.6 – 3.6
• slackware / slackware_linux3.3 – 3.3
• slackware / slackware_linux3.4 – 3.4
• slackware / slackware_linux3.5 – 3.5
• SUSE / suse_linux6.1 – 6.1
• SUSE / suse_linux5.1 – 5.1
• SUSE / suse_linux5.2 – 5.2
• SUSE / suse_linux6.0 – 6.0
• xfree86_project / x11r63.3.3 – 3.3.3

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433