Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)

high Nessus Plugin ID 14031

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner.

A new option to xfsdq was added when fixing this vulnerability: '-f path'. This specifies an output file to use instead of the default output stream. If the file already exists, xfsdq will abort; if it does not exist, it will be created with more appropriate access permissions.
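The behavior described for '-f path' (abort if the file exists, otherwise create it with tighter permissions) corresponds to exclusive file creation in POSIX. The following is an added example, not xfsdq's code and not part of the advisory; the function names, the temporary paths and the 0600 mode are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not xfsdq source: create `path` for writing only if
 * nothing exists there yet. Returns an fd, or -1 with errno set. */
int open_new_output(const char *path)
{
    /* O_CREAT|O_EXCL makes "check it is absent" and "create it" one atomic
     * step, and fails with EEXIST if `path` is a symlink (even a dangling
     * one), so a pre-planted link is never followed. 0600 is an assumed mode. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed cases in a private temp directory. Returns 0 if all pass. */
int run_demo(void)
{
    char dir[] = "/tmp/quota-demo-XXXXXX";
    char out[64], planted[64], victim[64];
    struct stat st;
    int rc = 0, fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(out, sizeof out, "%s/quota.out", dir);
    snprintf(planted, sizeof planted, "%s/planted", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);

    /* Case 1: fresh path is created, owner read/write only. */
    fd = open_new_output(out);
    if (fd < 0 || fstat(fd, &st) != 0 || (st.st_mode & 0777) != 0600) rc |= 1;
    if (fd >= 0) close(fd);
    /* Case 2: path already exists, so the call must refuse. */
    if (open_new_output(out) != -1 || errno != EEXIST) rc |= 2;
    /* Case 3: path is a dangling symlink; refuse and leave the target alone. */
    if (symlink(victim, planted) != 0) rc |= 8;
    if (open_new_output(planted) != -1 || errno != EEXIST) rc |= 4;
    if (lstat(victim, &st) == 0) rc |= 4;

    unlink(out); unlink(planted); rmdir(dir);
    return rc;
}

int main(void) { printf("demo result: %d\n", run_demo()); return 0; }
```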

Solution

Update the affected libdm0, libdm0-devel and/or xfsdump packages.

Plugin Details

Severity: High

ID: 14031

File Name: mandrake_MDKSA-2003-047.nasl

Version: 1.18

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:libdm0, p-cpe:/a:mandriva:linux:libdm0-devel, p-cpe:/a:mandriva:linux:xfsdump, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 4/16/2003

Reference Information

CVE: CVE-2003-0173

MDKSA: 2003:047