CVE-2007-2654

CWE-362 (Race Condition)
7 documents, 7 sources
Severity: 4.4 MEDIUM
EPSS: 0.0% (top 87.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 14
Latest update: May 1

Description

xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.

CVSS vector

AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages (8 packages)

Debian: xfsdump < 2.2.45-1+3
NVD: xfsdump/xfsdump 2.2.38
NVD: suse/opensuse 10.2
NVD: suse/suse_linux 1.0, 8, 9.0+2

Vulnerability Details (3)

GHSA: GHSA-9gpj-6mg9-3q6q: xfs_fsr in xfsdump creates a (2022-05-01)
OSV: CVE-2007-2654: xfs_fsr in xfsdump creates a (2007-05-14)
CVEList: CVE-2007-2654: xfs_fsr in xfsdump creates a (2007-05-14)

Vendor Advisories (2)

Ubuntu: xfsdump vulnerability (2007-09-20)
Debian: CVE-2007-2654: xfsdump - xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions,... (2007)

Community (1)

Bugzilla: CVE-2007-2654: xfsdump file permissions issue (2007-05-17)