Subject: New thing...
To: None <>
From: Mason Loring Bliss <>
List: tech-security
Date: 03/29/1999 15:28:28
This just came across a company list. I haven't checked it for applicability
to us, and I haven't seen a "formal" warning as yet, but here it is anyway:

Vulnerability in XFree86
   scoop - March 28th 1999, 23:15 EST

   A new vulnerability has been found in XFree86. XFree86 creates a
   directory in /tmp with the name .X11-unix for the X sockets and sets
   the directory to mode 1777. If an attacker creates a symlink with that
   filename and points it to another directory (e.g. /root), the permissions
   of the target directory is set to 1777, thus a local attacker may create
   files with any contents in any directory. The original SuSe security is
   available at the Bugtraq archive. Updated packages for SuSe Linux are
   available on the SuSe FTP Server.

Mason Loring Bliss             ((  "In the drowsy dark cave of the mind dreams  ))  build  their nest  with fragments  dropped ((   from day's caravan." - Rabindranath Tagore