Aquaboutic | Focus Security Research | Vulnerability Exploit | POC


xtel user temporary file condition competition vulnerability

Posted by barkins at 2020-04-05

Xtel user temporary file condition competition vulnerability

Issued on: December 5, 2001 updated on: December 14, 2001

Affected system:



Xtel is a free, open source software package similar to Linux X.

There are security issues with this software, which may result in overwriting arbitrary system files.

When a user executes xtel, a temporary file ". Xtel - $user" will be generated under the directory "/ tmp", where "$user" is the user account for executing xtel. Since the temporary file is not checked before execution of xtel, or whether it is a normal file, a malicious attacker uses this vulnerability to launch a conditional competition attack, thus overwriting arbitrary system files and potentially gaining root privileges.


Temporary solution:

If you cannot install a patch or upgrade immediately, NSFocus recommends that you take the following steps to reduce the threat:

*Temporarily switch to other safe x software

Vendor patch:

Debian has released Security Bulletin (dsa-090-1) and corresponding patches:

Number of Views: 2975 severity: 0 (netizens vote)