PT-2017-4221 · X.Org Foundation+2 · Libxfont+3

Johannes Segitz

Publicado

2017-11-06

Atualizado

2024-06-15

CVE-2017-16611

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libXfont versions prior to 1.5.4 libXfont2 versions prior to 2.0.3

Description The issue is related to incorrect handling of symbolic links before accessing a file, allowing a local attacker to open files on the system as root. This can trigger mechanisms such as tape rewinds or watchdogs. The exploitation of this issue can lead to a denial of service.

Recommendations For libXfont versions prior to 1.5.4, update to version 1.5.4 or later. For libXfont2 versions prior to 2.0.3, update to version 2.0.3 or later.

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

ALT-PU-2017-2728

ALT-PU-2017-2729

BDU:2022-06035

CVE-2017-16611

DLA-2901-1

MGASA-2017-0442

OPENSUSE-SU-2024:10921-1

OPENSUSE-SU-2024:10922-1

USN-3500-1

Produtos afetados

Alt Linux

Ubuntu

Libxfont

Libxfont2

PT-2017-4221 · X.Org Foundation+2 · Libxfont+3

CVE-2017-16611

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43