6.2 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
It was discovered that a race condition in the init.d script of the X Font
Server allows the modification of file permissions of arbitrary files if
the local administrator can be tricked into restarting the X font server.
For the oldstable distribution (sarge) xfs is present as part of the
monolithic xfree86 package. A fix will be provided along with a future
security update.
For the stable distribution (etch) this problem has been fixed in
version 1.0.1-6.
For the unstable distribution (sid) this problem has been fixed in
version 1.0.4-2.
We recommend that you upgrade your xfs package.