Jeremy C. Reed

**Name of the Vulnerable Software and Affected Versions** X Display Manager (xdm) in NetBSD versions prior to 20060212 X.Org versions prior to 20060225 Solaris versions 8 through 10 prior to 20061006 **Description** A race condition in the Xsession script causes a user's Xsession errors file to have weak permissions before a chmod is performed. This allows local users to read Xsession errors files of other users. **Recommendations** For NetBSD versions prior to 20060212, update to a version after 20060212 to resolve the issue. For X.Org versions prior to 20060225, update to a version after 20060225 to resolve the issue. For Solaris versions 8 through 10 prior to 20061006, update to a version after 20061006 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** X Display Manager (xdm) in NetBSD versions prior to 20060212 X.Org versions prior to 20060317 Solaris versions 8 through 10 prior to 20061006 **Description** The issue allows local users to overwrite arbitrary files or read another user's Xsession errors file via a symlink attack on a /tmp/xses-$USER file. This is a result of a flaw in the Xsession script used by the affected software. **Recommendations** For X Display Manager (xdm) in NetBSD versions prior to 20060212, update to a version released after 20060212. For X.Org versions prior to 20060317, update to a version released after 20060317. For Solaris versions 8 through 10 prior to 20061006, update to a version released after 20061006.