xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
References
Link | Resource |
---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894 | Exploit |
http://osvdb.org/36716 | |
http://secunia.com/advisories/25220 | Vendor Advisory |
http://secunia.com/advisories/25425 | Vendor Advisory |
http://secunia.com/advisories/25761 | Vendor Advisory |
http://secunia.com/advisories/26867 | Vendor Advisory |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:134 | |
http://www.novell.com/linux/security/advisories/2007_10_sr.html | Vendor Advisory |
http://www.securityfocus.com/bid/23922 | |
http://www.ubuntu.com/usn/usn-516-1 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2007-05-14 21:19
Updated : 2024-02-28 11:01
NVD link : CVE-2007-2654
Mitre link : CVE-2007-2654
CVE.ORG link : CVE-2007-2654
JSON object : View
Products Affected
suse
- suse_linux_standard_server
- suse_linux
- suse_united_linux
- opensuse
- suse_linux_school_server
- suse_open_enterprise_server
- suse_linux_openexchange_server
xfsdump
- xfsdump
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')