XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
1999-03-21T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 4.6 (MEDIUM)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | xfree86_project | x11r6 | 3.3.3 | Yes |
| Operating System | netbsd | netbsd | 1.3.2 | Yes |
| Operating System | netbsd | netbsd | 1.3.3 | Yes |
| Operating System | redhat | linux | 5.1 | Yes |
| Operating System | redhat | linux | 5.2 | Yes |
| Operating System | slackware | slackware_linux | 3.3 | Yes |
| Operating System | slackware | slackware_linux | 3.4 | Yes |
| Operating System | slackware | slackware_linux | 3.5 | Yes |
| Operating System | slackware | slackware_linux | 3.6 | Yes |
| Operating System | slackware | slackware_linux | 4.0 | Yes |
| Operating System | suse | suse_linux | 5.1 | Yes |
| Operating System | suse | suse_linux | 5.2 | Yes |
| Operating System | suse | suse_linux | 6.0 | Yes |
| Operating System | suse | suse_linux | 6.1 | Yes |