XFSDump XFS_FSR Insecure Temporary File Creation Vulnerability
BID:23922
Info
| Bugtraq ID: | 23922 |
| Class: | Race Condition Error |
| CVE: | CVE-2007-2654 |
| Remote: | No |
| Local: | Yes |
| Published: | May 11 2007 12:00AM |
| Updated: | Mar 19 2015 09:41AM |
| Credit: | Paul Martin reported this vulnerability. |
| Vulnerable: |
xfsdump xfsdump 2.2.38
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
SuSE Linux Professional 10.2 x86_64
SuSE Linux Personal 10.2 x86_64
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Desktop 1.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
| Not Vulnerable: |
xfsdump xfsdump 2.2.45
Discussion
XFSDump XFS_FSR Insecure Temporary File Creation Vulnerability
The 'xfs_fsr' utility shipped with xfsdump creates temporary files in an insecure manner: the file is opened at a predictable name without guarding against the name already existing.
A local attacker who can create entries at that location can plant a symbolic link there ahead of time; when xfs_fsr opens the temporary file it follows the link and writes to or truncates whatever it points at, with the privileges of the user running xfs_fsr (in practice usually root, since defragmenting XFS files requires it).
Successful exploitation lets the attacker overwrite or corrupt sensitive files. The most direct consequence is a denial of service; depending on which file is targeted, other attacks may also be possible.
This issue affects xfsdump 2.2.38; other versions may be affected as well. xfsdump 2.2.45 is reported not vulnerable.
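The following is an added illustration of the bug class described above, not code from xfsdump or xfs_fsr. It plays both sides of the race in a private scratch directory: the "attacker" plants a symlink at a predictable temporary name, then the vulnerable open pattern (O_CREAT|O_TRUNC on a fixed path) and a hardened one (O_CREAT|O_EXCL|O_NOFOLLOW) are each tried against it. The directory name, the temp file name and the victim file contents are all constructed for the demo; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (illustrative, not xfs_fsr's code): open a predictable
 * name with O_CREAT|O_TRUNC. If another local user has already planted a
 * symlink there, open() follows it and truncates the link's target. */
int open_tmp_insecure(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_EXCL makes open() fail if anything already exists at
 * the path (a symlink included), and O_NOFOLLOW refuses to traverse a symlink
 * at the last component. For a name that need not be fixed, mkstemp() gives
 * the same guarantee plus an unpredictable name. */
int open_tmp_secure(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Runs the attack in a fresh private directory. Returns 1 when the insecure
 * open truncated the victim file through the planted link and the secure open
 * refused (EEXIST, or ELOOP from O_NOFOLLOW); 0 on any other outcome. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";   /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return 0;

    char victim[PATH_MAX], tmpname[PATH_MAX];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmpname, sizeof tmpname, "%s/.predictable.tmp", dir);

    /* Victim file with constructed content that the attack aims to clobber. */
    const char payload[] = "sensitive data\n";
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, payload, sizeof payload - 1) != (ssize_t)(sizeof payload - 1)) {
        if (fd >= 0) close(fd);
        return 0;
    }
    close(fd);
    long before = file_size(victim);

    /* Attacker wins the race: the temp name now points at the victim. */
    if (symlink(victim, tmpname) != 0)
        return 0;

    /* Vulnerable path: follows the symlink and truncates the victim. */
    int bad_fd = open_tmp_insecure(tmpname);
    long after = file_size(victim);
    if (bad_fd >= 0) close(bad_fd);

    /* Hardened path: must refuse to open through the planted link. */
    int good_fd = open_tmp_secure(tmpname);
    int good_errno = errno;
    if (good_fd >= 0) close(good_fd);

    unlink(tmpname);
    unlink(victim);
    rmdir(dir);

    return bad_fd >= 0 && before > 0 && after == 0 &&
           good_fd < 0 && (good_errno == EEXIST || good_errno == ELOOP);
}

int main(void)
{
    int ok = demo_symlink_attack();
    printf("insecure open truncated victim, secure open refused: %s\n",
           ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

Two caveats for anyone reproducing this. The scratch directory is created with mode 0700 and is not sticky, so the kernel's fs.protected_symlinks setting (which on modern Linux blocks following symlinks owned by another user inside world-writable sticky directories such as /tmp) does not apply here; that sysctl narrows but does not eliminate this bug class, since it does nothing for temp files created in directories that are writable but not sticky. And the secure variant deliberately fails when the name is already taken rather than retrying: a program that needs a fresh file should fall back to mkstemp() or a new random name, never to unlink-and-retry, which reopens the race.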
Exploit / POC
An attacker uses readily available commands to exploit the issue.
Solution / Fix
Solution:
Upgrade to xfsdump 2.2.45 or later, which is reported not vulnerable. Please see the references for vendor advisories and updated packages.
References
References: