DescriptionX File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs739536

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xfe (PTS)jessie1.37-4fixed
buster, sid1.43.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[wheezy] - xfe <no-dsa> (Minor issue)
[squeeze] - xfe <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems