4.4

CVE-2007-2654

Exploit
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
   SuseSuse Linux Version1.0 Editiondesktop
SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
   SuseSuse Linux Version8 Editionenterprise_server
SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
   SuseSuse Linux Version9.0 Editionenterprise_server
SuseSuse Linux School Server Versiongold Editioni386
XfsdumpXfsdump Version2.2.38
SuseOpensuse Version10.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.251
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://secunia.com/advisories/25220
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_10_sr.html
Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
Exploit
http://osvdb.org/36716
http://secunia.com/advisories/25425
Vendor Advisory
http://secunia.com/advisories/25761
Vendor Advisory
http://secunia.com/advisories/26867
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
http://www.securityfocus.com/bid/23922
http://www.ubuntu.com/usn/usn-516-1