Multiple Vendor xfs Symlink Vulnerability

info
discussion
exploit
solution
references

Multiple Vendor xfs Symlink Vulnerability

Xfs, the Xfree86 font server included with RedHat 5.1 is vulnerable to a /tmp symbolic link attack. Xfs creates a file in /tmp called .font-unix that will be followed if a symlink. Any file pointed to by the symbolic link will be overwritten.