Vulnerability Name:

CVE-2007-2654 (CCN-34585)

Assigned:2007-04-05
Published:2007-04-05
Updated:2008-11-13
Summary:xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-362
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: Debian Bug report logs - #417894
xfsdump: xfs_fsr makes world writeable temporary directories

Source: MISC
Type: Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894

Source: MITRE
Type: CNA
CVE-2007-2654

Source: CCN
Type: SGI Web site
XFS: A high-performance journaling filesystem

Source: OSVDB
Type: UNKNOWN
36716

Source: SECUNIA
Type: Vendor Advisory
25220

Source: CCN
Type: SA25425
xfsdump "xfs_fsr" Insecure Temporary Directory Creation

Source: SECUNIA
Type: Vendor Advisory
25425

Source: SECUNIA
Type: Vendor Advisory
25761

Source: SECUNIA
Type: Vendor Advisory
26867

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:134

Source: SUSE
Type: Vendor Advisory
SUSE-SR:2007:010

Source: CCN
Type: OSVDB ID: 36716
xfsdump xfs_fsr Symlink Arbitrary File Manipulation

Source: BID
Type: UNKNOWN
23922

Source: CCN
Type: BID-23922
XFSDump XFS_FSR Insecure Temporary File Creation Vulnerability

Source: CCN
Type: USN-516-1
xfsdump vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-516-1

Source: XF
Type: UNKNOWN
xfsdump-tmpinit-insecure-permissions(34585)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:retail_solution:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10:*:enterprise_desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0:*:oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1:*:personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.2:*:professional:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.2:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_united_linux:1.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:suse:suse_linux_openexchange_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_school_server:gold:*:i386:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_standard_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_open_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/a:xfsdump:xfsdump:2.2.38:*:*:*:*:*:*:*
  • OR cpe:/o:suse:opensuse:10.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20072654
    V
    		CVE-2007-2654
    2015-11-16
    oval:org.mitre.oval:def:17695
    P
    		USN-516-1 -- xfsdump vulnerability
    2014-06-30
    BACK
    suse suse linux 1.0
    suse suse linux 8
    suse suse linux 8.0
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.1
    suse suse linux 9.1
    suse suse linux 9.2
    suse suse linux 9.2
    suse suse linux 9.2
    suse suse linux 9.3
    suse suse linux 9.3
    suse suse linux 9.3
    suse suse linux 10
    suse suse linux 10
    suse suse linux 10.0
    suse suse linux 10.1
    suse suse linux 10.1
    suse suse linux 10.2
    suse suse linux 10.2
    suse suse united linux 1.0
    suse suse linux openexchange server 4.0
    suse suse linux school server gold
    suse suse linux standard server 8.0
    suse suse open enterprise server 9
    xfsdump xfsdump 2.2.38
    suse opensuse 10.2