Published: 14/05/2007 Updated: 13/11/2008

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

Vulnerable Product	Search on Vulmon	Subscribe to Product
suse suse linux 9.0
suse suse linux 8
suse suse linux 1.0
suse suse linux openexchange server 4.0
suse suse linux school server gold
suse suse linux standard server 8.0
xfsdump xfsdump 2.2.38
suse suse open enterprise server 9
suse opensuse 10.2

Paul Martin discovered that xfs_fsr creates a temporary directory with insecure permissions This allows a local attacker to exploit a race condition in xfs_fsr to read or overwrite arbitrary files on xfs filesystems ...

CWE-362 http://www.novell.com/linux/security/advisories/2007_10_sr.html http://www.securityfocus.com/bid/23922 http://secunia.com/advisories/25220 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894 http://www.mandriva.com/security/advisories?name=MDKSA-2007:134 http://www.ubuntu.com/usn/usn-516-1 http://secunia.com/advisories/25425 http://secunia.com/advisories/25761 http://secunia.com/advisories/26867 http://osvdb.org/36716 https://usn.ubuntu.com/516-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2654

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect