Vulnerability Details CVE-2007-2654
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.8%
CVSS Severity
CVSS v2 Score 4.4
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
- http://osvdb.org/36716
- http://secunia.com/advisories/25220
- http://secunia.com/advisories/25425
- http://secunia.com/advisories/25761
- http://secunia.com/advisories/26867
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://www.securityfocus.com/bid/23922
- http://www.ubuntu.com/usn/usn-516-1
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
- http://osvdb.org/36716
- http://secunia.com/advisories/25220
- http://secunia.com/advisories/25425
- http://secunia.com/advisories/25761
- http://secunia.com/advisories/26867
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://www.securityfocus.com/bid/23922
- http://www.ubuntu.com/usn/usn-516-1
Products affected by CVE-2007-2654
-
cpe:2.3:a:suse:suse_linux_openexchange_server:4.0
-
cpe:2.3:a:suse:suse_linux_school_server:gold
-
cpe:2.3:a:suse:suse_linux_standard_server:8.0
-
cpe:2.3:a:suse:suse_open_enterprise_server:9
-
cpe:2.3:a:xfsdump:xfsdump:2.2.38
-
cpe:2.3:o:suse:opensuse:10.2
-
cpe:2.3:o:suse:suse_linux:1.0
-
cpe:2.3:o:suse:suse_linux:10
-
cpe:2.3:o:suse:suse_linux:10.0
-
cpe:2.3:o:suse:suse_linux:10.1
-
cpe:2.3:o:suse:suse_linux:10.2
-
cpe:2.3:o:suse:suse_linux:8
-
cpe:2.3:o:suse:suse_linux:8.0
-
cpe:2.3:o:suse:suse_linux:9.0
-
cpe:2.3:o:suse:suse_linux:9.1
-
cpe:2.3:o:suse:suse_linux:9.2
-
cpe:2.3:o:suse:suse_linux:9.3
-
cpe:2.3:o:suse:suse_united_linux:1.0