Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)

2004-07-3100:00:00

www.tenable.com

A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner.

A new option to xfsdq was added when fixing this vulnerability: ‘-f path’. This specifies an output file to use instead of the default output stream. If the file exists already, xfsdq will abort and if the file doesn’t already exist, it will be created with more appropriate access permissions.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:047. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14031);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2003-0173");
  script_xref(name:"MDKSA", value:"2003:047");

  script_name(english:"Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered in xfsdump by Ethan Benson related to
filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to
save the quota information into a file at the root of the filesystem
being dumped, the file is created in an unsafe manner.

A new option to xfsdq was added when fixing this vulnerability: '-f
path'. This specifies an output file to use instead of the default
output stream. If the file exists already, xfsdq will abort and if the
file doesn't already exist, it will be created with more appropriate
access permissions."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libdm0, libdm0-devel and / or xfsdump packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libdm0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libdm0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xfsdump");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"xfsdump-2.0.0-2.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"xfsdump-2.0.3-1.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libdm0-2.0.5-1.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libdm0-devel-2.0.5-1.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"xfsdump-2.0.3-1.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxlibdm0p-cpe:/a:mandriva:linux:libdm0
mandrivalinuxlibdm0-develp-cpe:/a:mandriva:linux:libdm0-devel
mandrivalinuxxfsdumpp-cpe:/a:mandriva:linux:xfsdump
mandrakesoftmandrake_linux8.2cpe:/o:mandrakesoft:mandrake_linux:8.2
mandrakesoftmandrake_linux9.0cpe:/o:mandrakesoft:mandrake_linux:9.0
mandrakesoftmandrake_linux9.1cpe:/o:mandrakesoft:mandrake_linux:9.1

Vendor	Product	Version	CPE
mandriva	linux	libdm0	p-cpe:/a:mandriva:linux:libdm0
mandriva	linux	libdm0-devel	p-cpe:/a:mandriva:linux:libdm0-devel
mandriva	linux	xfsdump	p-cpe:/a:mandriva:linux:xfsdump
mandrakesoft	mandrake_linux	8.2	cpe:/o:mandrakesoft:mandrake_linux:8.2
mandrakesoft	mandrake_linux	9.0	cpe:/o:mandrakesoft:mandrake_linux:9.0
mandrakesoft	mandrake_linux	9.1	cpe:/o:mandrakesoft:mandrake_linux:9.1

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0173

JSON

Related for MANDRAKE_MDKSA-2003-047.NASL