X11R6 3.3.3 Symlink Vulnerability

info
discussion
exploit
solution
references

X11R6 3.3.3 Symlink Vulnerability

There is a symlink vulnerability known to exist under most modern linux and NetBSD distributions. It involves /tmp/.X11-unix and the tendency to follow to/overwrite the file pointed to if a symlink. It may be possible for a regular user to write arbritrary data to a file they normally have no write access to resulting in a root compromise.