MiracleLinux 7 : xdg-user-dirs-0.15-5.el7 (AXSA:2018-2892:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2892:01 advisory. xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy CVE-2017-15131 Tenable has extracted the preceding...

EUVD-1999-1328

Malware in sbrugna...

EUVD-2000-1046

Malware in sbrugna...

EUVD-2006-5199

Malware in sbrugna...

EUVD-2005-0820

Malware in sbrugna...

The vulnerability of the windowing system for building the graphical user interface of the xorg operating system in Astra Linux allows a hacker to alter the settings of the X-Session.

The vulnerability of the window system for creating a graphical user interface in the Astra Linux operating system’s xorg lies in an incorrect setting of the allow-user-xsession parameter in "/etc/X11/Xsession.options". Exploiting this vulnerability could allow a hacker to alter the default...

MGASA-2018-0215 Updated xdg-user-dirs packages fix security vulnerability

Xsession creation of XDG user directories does not honour system umask policy CVE-2017-15131...

xdg security update

CentOS Errata and Security Advisory CESA-2018:0842 An update for xdg-user-dirs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVE-2017-15131

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux...

Code injection

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux...

UBUNTU-CVE-2017-15131

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux...

XSession race conditions

Race conditions allows different user to see error messages...

CVE-2006-5214

Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...

CVE-2006-5214

Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...

CVE-2006-5215

The Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file...

CVE-2006-5214

Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...

DEBIAN-CVE-2006-5215

The Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file...

CVE-2006-5215

The Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file...

CVE-2006-5215

CVE-2006-5215 describes a local vulnerability in the Xsession script used by XDM across NetBSD, X.Org, and Solaris up to certain dates. The issue arises from a symlink attack on /tmp/xses-$USER, allowing a local user to overwrite arbitrary files or read another user’s Xsession errors file. Connec...

CVE-2006-5214

Race condition in the Xsession script, as used by X Display Manager xdm in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession...