LinuxSecurity.com
Ubuntu: xfsdump vulnerability
Posted by Benjamin D. Thomas   
Paul Martin discovered that xfs_fsr creates a temporary directory with insecure permissions. This allows a local attacker to exploit a race condition in xfs_fsr to read or overwrite arbitrary files on xfs filesystems.
=========================================================== 
Ubuntu Security Notice USN-516-1         September 20, 2007
xfsdump vulnerability
CVE-2007-2654
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xfsdump                         2.2.30-1ubuntu0.1

Ubuntu 6.10:
  xfsdump                         2.2.38-1ubuntu0.6.10.1

Ubuntu 7.04:
  xfsdump                         2.2.38-1ubuntu0.7.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Paul Martin discovered that xfs_fsr creates a temporary directory
with insecure permissions. This allows a local attacker to exploit a
race condition in xfs_fsr to read or overwrite arbitrary files on xfs
filesystems.
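The defect class described above is a temporary directory that another local user can pre-create, share or race. The following is an added illustration, not code from the xfsdump package or from this advisory, of the discipline that closes that window: an unpredictable, atomically created 0700 directory, a validation step that refuses symlinks, foreign ownership and group/other bits, and work files opened with O_EXCL|O_NOFOLLOW. The directory prefix and file name are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a temporary directory the safe way: unpredictable name, created
 * atomically by mkdtemp() with mode 0700, so another local user cannot
 * pre-create it, drop a symlink in it, or read what is written there. */
static int make_private_tmpdir(char *out, size_t outlen) {
    char tmpl[] = "/tmp/fsr-example-XXXXXX";   /* hypothetical prefix */
    if (!mkdtemp(tmpl) || strlen(tmpl) + 1 > outlen) return -1;
    strcpy(out, tmpl);
    return 0;
}

/* Validate a directory before trusting it: lstat() so a symlink is not
 * followed; require a real directory owned by us with no group/other bits. */
static int tmpdir_is_private(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != geteuid()) return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Create a work file inside the directory without following symlinks and
 * failing if the name already exists (O_EXCL), so a planted file is refused. */
static int create_work_file(const char *dir, const char *name) {
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    close(dfd);
    return fd;
}

/* End-to-end check; returns 1 when every step behaves as intended. */
static int run_demo(void) {
    char dir[64], file[96];
    if (make_private_tmpdir(dir, sizeof dir) != 0) return 0;
    int fd = create_work_file(dir, "work.tmp");
    int dup = create_work_file(dir, "work.tmp");   /* second create must fail */
    int ok = tmpdir_is_private(dir) && fd >= 0 && dup < 0;
    if (fd >= 0) close(fd);
    snprintf(file, sizeof file, "%s/work.tmp", dir);
    unlink(file);
    rmdir(dir);
    return ok;
}

int main(void) {
    printf("%s\n", run_demo() ? "tmpdir handling OK" : "FAILED");
    return 0;
}
```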

