aru
Posted April 16, 2003

MandrakeSoft Security Advisory MDKSA-2003:047 : xfsdump
April 16th, 2003

Updated xfsdump packages fix insecure file creation

A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner.

A new option to xfsdq was added when fixing this vulnerability: '-f path'. This specifies an output file to use instead of the default output stream. If the file exists already, xfsdq will abort and if the file doesn't already exist, it will be created with more appropriate access permissions.

The released versions of Mandrake GNU/Linux affected are:

- 8.2
- 8.2/PPC
- 9.0
- 9.1
- 9.1/PPC
- Corporate Server 2.1

Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:047

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0173

Posted automatically by aru (mdksec2mub v0.0.5)
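The behaviour the advisory describes for '-f path' (abort if the file exists, otherwise create it with restrictive permissions), as an added C example that is not part of the original post and not xfsdq's source. The names `write_quota_file` and `self_check`, the demo file names, and the choice of mode 0600 are assumptions; the advisory only says "more appropriate access permissions".

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not xfsdq source): write quota text to a NEW file only.
 * O_CREAT|O_EXCL refuses any existing name, symlinks included, so a planted
 * link is never followed. Mode 0600 is assumed. Returns 0, or -1 with errno. */
int write_quota_file(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        return -1;                /* EEXIST here means abort, never overwrite */
    while (len > 0) {
        ssize_t n = write(fd, data, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0) {
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        data += n;
        len -= (size_t)n;
    }
    return close(fd);
}

/* Constructed self-check inside `dir`: 0 if all pass, else the failing step. */
int self_check(const char *dir)
{
    char out[512], lnk[512], victim[512];
    struct stat st;
    snprintf(out, sizeof out, "%s/quota_demo_%ld.out", dir, (long)getpid());
    snprintf(lnk, sizeof lnk, "%s/quota_demo_%ld.lnk", dir, (long)getpid());
    snprintf(victim, sizeof victim, "%s/quota_demo_%ld.tgt", dir, (long)getpid());
    unlink(out); unlink(lnk); unlink(victim);
    int rc = 0;
    if (symlink(victim, lnk) != 0 || write_quota_file(out, "q\n", 2) != 0) rc = 1;
    if (!rc && (stat(out, &st) != 0 || (st.st_mode & 077) != 0)) rc = 2;
    if (!rc && (write_quota_file(out, "x\n", 2) != -1 || errno != EEXIST)) rc = 3;
    if (!rc && (write_quota_file(lnk, "x\n", 2) != -1 || errno != EEXIST)) rc = 4;
    if (!rc && access(victim, F_OK) == 0) rc = 5;   /* link target not created */
    unlink(out); unlink(lnk); unlink(victim);
    return rc;
}

int main(void) { return self_check("/tmp"); }
```

Step 4 is the case that matters for a file written at the root of a filesystem other users can write to: the name is a dangling symlink, and the open fails with EEXIST instead of creating the link's target.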