CVE-2007-2654

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:8.0:*:retail_solution:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:professional:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:professional:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10.1:*:personal:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10.1:*:professional:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10.2:*:professional:*:*:*:*:*
cpe:2.3:o:suse:suse_linux:10.2:*:x86_64:*:*:*:*:*
cpe:2.3:o:suse:suse_united_linux:1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:suse:suse_linux_openexchange_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_school_server:gold:*:i386:*:*:*:*:*
cpe:2.3:a:suse:suse_linux_standard_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:suse_open_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:a:xfsdump:xfsdump:2.2.38:*:*:*:*:*:*:*
cpe:2.3:o:suse:opensuse:10.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-14 21:19

Updated : 2024-02-28 11:01


NVD link : CVE-2007-2654

Mitre link : CVE-2007-2654

CVE.ORG link : CVE-2007-2654


JSON object : View

Products Affected

suse

  • suse_linux_standard_server
  • suse_linux
  • suse_united_linux
  • opensuse
  • suse_linux_school_server
  • suse_open_enterprise_server
  • suse_linux_openexchange_server

xfsdump

  • xfsdump
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')