Vulnerability Details CVE-2007-2654
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 25.1%
CVSS Severity
CVSS v2 Score 4.4
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
- http://osvdb.org/36716
- http://secunia.com/advisories/25220
- http://secunia.com/advisories/25425
- http://secunia.com/advisories/25761
- http://secunia.com/advisories/26867
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://www.securityfocus.com/bid/23922
- http://www.ubuntu.com/usn/usn-516-1
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
- http://osvdb.org/36716
- http://secunia.com/advisories/25220
- http://secunia.com/advisories/25425
- http://secunia.com/advisories/25761
- http://secunia.com/advisories/26867
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
- http://www.novell.com/linux/security/advisories/2007_10_sr.html
- http://www.securityfocus.com/bid/23922
- http://www.ubuntu.com/usn/usn-516-1
Products affected by CVE-2007-2654
-
cpe:2.3:a:suse:suse_linux_openexchange_server:4.0
-
cpe:2.3:a:suse:suse_linux_school_server:gold
-
cpe:2.3:a:suse:suse_linux_standard_server:8.0
-
cpe:2.3:a:suse:suse_open_enterprise_server:9
-
cpe:2.3:a:xfsdump:xfsdump:2.2.38
-
cpe:2.3:o:suse:opensuse:10.2
-
cpe:2.3:o:suse:suse_linux:1.0
-
cpe:2.3:o:suse:suse_linux:10
-
cpe:2.3:o:suse:suse_linux:10.0
-
cpe:2.3:o:suse:suse_linux:10.1
-
cpe:2.3:o:suse:suse_linux:10.2
-
cpe:2.3:o:suse:suse_linux:8
-
cpe:2.3:o:suse:suse_linux:8.0
-
cpe:2.3:o:suse:suse_linux:9.0
-
cpe:2.3:o:suse:suse_linux:9.1
-
cpe:2.3:o:suse:suse_linux:9.2
-
cpe:2.3:o:suse:suse_linux:9.3
-
cpe:2.3:o:suse:suse_united_linux:1.0