Vulnerability Note VU#111673

SGI IRIX "xfsdump" creates quota information files insecurely

Original Release date: 10 Apr 2003 | Last revised: 16 Jun 2003

Overview

A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected.

Description

From the xfsdump man page:

    xfsdump backs up files and their attributes in a filesystem. The files are dumped to storage media, a regular file, or standard output. Options allow the operator to have all files dumped, just files that have changed since a previous dump, or just files contained in a list of pathnames.

xfsdump does not create quota files in a secure manner. As a result, a local attacker may be able to gain superuser privileges on a vulnerable system. For more details, please see SGI Security Advisory 20030404-01-P.

Impact

A local attacker may be able to gain superuser privileges.

Solution

Apply a patch from your vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
DebianAffected10 Apr 200311 Apr 2003
MandrakeSoftAffected10 Apr 200316 Apr 2003
SGIAffected-10 Apr 2003
Apple Computer Inc.Not Affected10 Apr 200314 Apr 2003
Foundry Networks Inc.Not Affected10 Apr 200311 Apr 2003
HitachiNot Affected10 Apr 200314 Apr 2003
IBMNot Affected10 Apr 200316 Jun 2003
Ingrian NetworksNot Affected10 Apr 200310 Apr 2003
NetBSDNot Affected10 Apr 200311 Apr 2003
Red Hat Inc.Not Affected10 Apr 200310 Apr 2003
Xerox CorporationNot Affected10 Apr 200330 May 2003
3ComUnknown10 Apr 200310 Apr 2003
AlcatelUnknown10 Apr 200310 Apr 2003
AT&TUnknown10 Apr 200310 Apr 2003
AvayaUnknown10 Apr 200310 Apr 2003
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Ethan Benson.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2003-0173
  • Date Public: 10 Apr 2003
  • Date First Published: 10 Apr 2003
  • Date Last Updated: 16 Jun 2003
  • Severity Metric: 6.75
  • Document Revision: 5

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.