FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libXfont -- permission bypass when opening files through symlinks

Affected packages
libXfont < 1.5.4
libXfont2 < 2.0.3

Details

VuXML ID 08a125f3-e35a-11e7-a293-54e1ad3d6335
Discovery 2017-11-25
Entry 2017-12-17

The freedesktop.org project reports:

A non-privileged X client can instruct an X server running under root to open any file by creating its own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog.
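As an added illustration (not code from this VuXML entry or from libXfont), the C program below shows the standard mitigation for this class of bug: a privileged process opening entries from a directory it does not control refuses to follow symbolic links (O_NOFOLLOW), so a planted "fonts.alias" link is rejected instead of opened. The temporary directory, file names and the /dev/null link target are constructed for the demo.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open a path but refuse to follow a symbolic link in its final component.
 * Returns an fd, or -1 with errno set (ELOOP on Linux, EMLINK on FreeBSD). */
int open_nofollow(const char *path)
{
    return open(path, O_RDONLY | O_NOFOLLOW);
}

/* Build a constructed font directory with one legitimate index file and one
 * symlink planted where a second index is expected, then open both the way a
 * privileged server would. Outputs: whether the regular file opened, and the
 * errno from the refused symlink open (0 if it was wrongly opened). */
int demo_font_dir(int *regular_opened, int *symlink_errno)
{
    char dir[] = "/tmp/fontdir-demo-XXXXXX";   /* constructed, hypothetical */
    char reg[256], lnk[256];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(reg, sizeof reg, "%s/fonts.dir", dir);
    snprintf(lnk, sizeof lnk, "%s/fonts.alias", dir);
    int fd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    close(fd);
    /* /dev/null stands in for the sensitive special file named in the report. */
    if (symlink("/dev/null", lnk) != 0) return -1;
    fd = open_nofollow(reg);
    *regular_opened = (fd >= 0);
    if (fd >= 0) close(fd);
    fd = open_nofollow(lnk);
    *symlink_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(reg); rmdir(dir);
    return 0;
}

int main(void)
{
    int ok = 0, err = 0;
    if (demo_font_dir(&ok, &err) != 0) { perror("demo"); return 1; }
    printf("regular file opened: %d, symlink open refused: %s\n", ok, strerror(err));
    return 0;
}
```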

References

CVE Name CVE-2017-16611
URL https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8