Subject: Re: New thing...
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
From: Michael K. Sanders <msanders@confusion.net>
List: tech-security
Date: 03/29/1999 13:33:49
In message <19990329152828.J428@acheron.middleboro.ma.us>, Mason Loring Bliss writes:
>This just came across a company list. I haven't checked it for applicability
>to us, and I haven't seen a "formal" warning as yet, but here it is anyway:

This was first pointed out on BugTraq by someone who made it sound
like a NetBSD-specific problem... a fix was committed and posted to
BugTraq shortly thereafter.

>Vulnerability in XFree86
>   scoop - March 28th 1999, 23:15 EST
>
>   A new vulnerability has been found in XFree86. XFree86 creates a
>   directory in /tmp with the name .X11-unix for the X sockets and sets
>   the directory to mode 1777. If an attacker creates a symlink with that
>   filename and points it to another directory (e.g. /root), the permissions
>   of the target directory are set to 1777, thus a local attacker may create
>   files with any contents in any directory. The original SuSe security is
>   available at the Bugtraq archive. Updated packages for SuSe Linux are
>   available on the SuSe FTP Server.
>
>
>-- 
>Mason Loring Bliss             ((  "In the drowsy dark cave of the mind dreams
>mason@acheron.middleboro.ma.us  ))  build  their nest  with fragments  dropped
>http://acheron.ne.mediaone.net ((   from day's caravan." - Rabindranath Tagore
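
The symlink problem described in the quoted advisory, shown from the defensive side as an added example (not code from this thread, XFree86, or the committed fix): the directory is opened with O_NOFOLLOW and its mode is changed through the file descriptor, so a symlink planted at that name is refused. The function names, the owner check, and the temporary paths are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: make path a mode-1777 directory without following
 * a symlink. Returns 0 on success, -1 if path is not a directory owned
 * by us or by root (the owner check is an assumption of this example). */
int make_sticky_dir(const char *path)
{
    struct stat st;
    int fd;
    if (mkdir(path, 0700) == -1 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: fail if the final path component is a symlink. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd == -1)
        return -1;
    /* Check and change the object that was opened, not the name. */
    if (fstat(fd, &st) == -1 || !S_ISDIR(st.st_mode) ||
        (st.st_uid != geteuid() && st.st_uid != 0) ||
        fchmod(fd, 01777) == -1) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

/* Constructed scenario: "sock" is a symlink to a private directory.
 * Returns the target's permission bits after the call, or -1 on setup
 * failure or if the symlink was not refused. */
int mode_after_symlink_attempt(void)
{
    char base[] = "/tmp/stickydemo.XXXXXX", victim[64], sock[64];
    struct stat st;
    int rc, ok;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(sock, sizeof sock, "%s/sock", base);
    if (mkdir(victim, 0700) == -1 || symlink(victim, sock) == -1)
        return -1;
    rc = make_sticky_dir(sock);
    ok = (rc == -1 && stat(victim, &st) == 0);
    unlink(sock); rmdir(victim); rmdir(base);   /* clean up the demo tree */
    return ok ? (int)(st.st_mode & 07777) : -1;
}
```

A path-based chmod() on the same name would follow the link and change the target's mode, which is the behaviour the advisory describes.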