CVE-2007-2654: Race Condition
First published: Mon May 14 2007(Updated: )
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =8.0 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.1 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =10.2 | |
| Suse Suse Linux | =10.0 | |
| Suse Suse Linux | =9.3 | |
| Suse Suse Linux | =8 | |
| Suse Suse Linux | =9.3 | |
| Suse Suse Linux | =1.0 | |
| Suse Suse Linux | =10.2 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =10 | |
| Suse Suse Linux | =9.2 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.1 | |
| Suse Suse Linux | =9.3 | |
| Suse Suse Linux | =9.2 | |
| Suse Suse Linux | =9.2 | |
| Suse Suse United Linux | =1.0 | |
| Suse Suse Linux | =9.1 | |
| Suse Suse Linux Standard Server | =8.0 | |
| Suse Suse Linux School Server | =gold | |
| SUSE openSUSE | =10.2 | |
| Suse Suse Linux Openexchange Server | =4.0 | |
| Xfsdump Xfsdump | =2.2.38 | |
| Suse Suse Open Enterprise Server | =9 | |
| Suse Suse Linux | =8.0 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.0 | |
| Suse Suse Linux | =9.1 | |
| Suse Suse Linux | =9.1 | |
| Suse Suse Linux | =9.1 | |
| Suse Suse Linux | =9.2 | |
| Suse Suse Linux | =9.2 | |
| Suse Suse Linux | =9.2 | |
| Suse Suse Linux | =9.3 | |
| Suse Suse Linux | =9.3 | |
| Suse Suse Linux | =9.3 | |
| Suse Suse Linux | =10 | |
| Suse Suse Linux | =10 | |
| Suse Suse Linux | =10.0 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.1 | |
| Suse Suse Linux | =10.2 | |
| Suse Suse Linux | =10.2 | |
| Suse Suse United Linux | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://www.securityfocus.com/bid/23922
- http://secunia.com/advisories/25220
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
- http://www.ubuntu.com/usn/usn-516-1
- http://secunia.com/advisories/25425
- http://secunia.com/advisories/25761
- http://secunia.com/advisories/26867
- http://osvdb.org/36716
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/suse
- canonical/suse suse linux
- version/suse suse linux/9.0
- version/suse suse linux/8.0
- version/suse suse linux/9.1
- version/suse suse linux/10.2
- version/suse suse linux/10.0
- version/suse suse linux/9.3
- version/suse suse linux/8
- version/suse suse linux/1.0
- version/suse suse linux/10
- version/suse suse linux/9.2
- version/suse suse linux/10.1
- canonical/suse suse united linux
- version/suse suse united linux/1.0
- canonical/suse suse linux standard server
- version/suse suse linux standard server/8.0
- canonical/suse suse linux school server
- version/suse suse linux school server/gold
- canonical/suse opensuse
- version/suse opensuse/10.2
- canonical/suse suse linux openexchange server
- version/suse suse linux openexchange server/4.0
- vendor/xfsdump
- canonical/xfsdump xfsdump
- version/xfsdump xfsdump/2.2.38
- canonical/suse suse open enterprise server
- version/suse suse open enterprise server/9