Description
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Affected products
- SUSE / openSUSE – 10.2
- SUSE / suse_linux – 8
- SUSE / suse_linux – 9.0
- SUSE / suse_linux – 1.0
- SUSE / suse_linux_openexchange_server – 4.0
- SUSE / suse_linux_school_server – gold
- SUSE / suse_linux_standard_server – 8.0
- SUSE / suse_open_enterprise_server – 9
- xfsdump / xfsdump – 2.2.38
References
- VENDOR_ADVISORY: http://secunia.com/advisories/25761
- MISC: http://www.securityfocus.com/bid/23922
- MISC: http://osvdb.org/36716
- VENDOR_ADVISORY: http://secunia.com/advisories/26867
- VENDOR_ADVISORY: http://www.ubuntu.com/usn/usn-516-1
- VENDOR_ADVISORY: http://secunia.com/advisories/25425
- VENDOR_ADVISORY: http://www.novell.com/linux/security/advisories/2007_10_sr.html
- VENDOR_ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
- VENDOR_ADVISORY: http://secunia.com/advisories/25220
- VENDOR_ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2007:134