CVE-2007-2654

2007-05-1421:19:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2007-2654

xfs_fsr

xfsdump

insecure permissions

local users

arbitrary files

xfs filesystems

nvd

6.1 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

CPENameOperatorVersion
suse:suse_linuxsuse suse linuxeq9.0
suse:suse_linuxsuse suse linuxeq8
suse:suse_linuxsuse suse linuxeq1.0
suse:suse_linux_standard_serversuse suse linux standard servereq8.0
suse:suse_linux_school_serversuse suse linux school servereqgold
suse:opensusesuse opensuseeq10.2
suse:suse_linux_openexchange_serversuse suse linux openexchange servereq4.0
xfsdump:xfsdumpxfsdumpeq2.2.38
suse:suse_open_enterprise_serversuse suse open enterprise servereq9

CPE	Name	Operator	Version
suse:suse_linux	suse suse linux	eq	9.0
suse:suse_linux	suse suse linux	eq	8
suse:suse_linux	suse suse linux	eq	1.0
suse:suse_linux_standard_server	suse suse linux standard server	eq	8.0
suse:suse_linux_school_server	suse suse linux school server	eq	gold
suse:opensuse	suse opensuse	eq	10.2
suse:suse_linux_openexchange_server	suse suse linux openexchange server	eq	4.0
xfsdump:xfsdump	xfsdump	eq	2.2.38
suse:suse_open_enterprise_server	suse suse open enterprise server	eq	9