First published: Mon May 14 2007(Updated: )
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SUSE Linux | =9.0 | |
SUSE Linux | =8.0 | |
SUSE Linux | =9.0 | |
SUSE Linux | =9.1 | |
SUSE Linux | =9.0 | |
SUSE Linux | =10.2 | |
SUSE Linux | =10.0 | |
SUSE Linux | =9.3 | |
SUSE Linux | =8 | |
SUSE Linux | =9.3 | |
SUSE Linux | =1.0 | |
SUSE Linux | =10.2 | |
SUSE Linux | =9.0 | |
SUSE Linux | =10 | |
SUSE Linux | =9.2 | |
SUSE Linux | =10.1 | |
SUSE Linux | =10.1 | |
SUSE Linux | =10 | |
SUSE Linux | =9.0 | |
SUSE Linux | =9.1 | |
SUSE Linux | =9.3 | |
SUSE Linux | =9.2 | |
SUSE Linux | =9.2 | |
suse suse united linux | =1.0 | |
SUSE Linux | =9.1 | |
SUSE Linux Standard Server | =8.0 | |
SUSE Linux School Server | =gold | |
openSUSE | =10.2 | |
SUSE Linux Openexchange Server | =4.0 | |
xfsdump | =2.2.38 | |
SUSE Open Enterprise Server | =9 | |
SUSE Linux | =8.0 | |
SUSE Linux | =9.0 | |
SUSE Linux | =9.0 | |
SUSE Linux | =9.0 | |
SUSE Linux | =9.0 | |
SUSE Linux | =9.1 | |
SUSE Linux | =9.1 | |
SUSE Linux | =9.1 | |
SUSE Linux | =9.2 | |
SUSE Linux | =9.2 | |
SUSE Linux | =9.2 | |
SUSE Linux | =9.3 | |
SUSE Linux | =9.3 | |
SUSE Linux | =9.3 | |
SUSE Linux | =10 | |
SUSE Linux | =10 | |
SUSE Linux | =10.0 | |
SUSE Linux | =10.1 | |
SUSE Linux | =10.1 | |
SUSE Linux | =10.2 | |
SUSE Linux | =10.2 | |
suse suse united linux | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2007-2654 is considered high due to insecure permissions in the .fsr temporary directory allowing local users to read or overwrite files.
To fix CVE-2007-2654, you should update the affected SUSE Linux versions to a patched release that resolves the permission issue.
CVE-2007-2654 affects several versions of SUSE Linux including 8.0, 9.0, 9.1, 9.2, 9.3, and 10.x.
The risks of CVE-2007-2654 include potential data breaches or alteration of sensitive files by local users due to improper directory permissions.
A temporary workaround for CVE-2007-2654 includes restricting user access to the xfs_fsr command until the system is updated.