Vulnerability Note VU#111673
SGI IRIX "xfsdump" creates quota information files insecurely
Overview
A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected.
Description
From the xfsdump man page: xfsdump backs up files and their attributes in a filesystem. The files are dumped to storage media, a regular file, or standard output. Options allow the operator to have all files dumped, just files that have changed since a previous dump, or just files contained in a list of pathnames. |
Impact
A local attacker may be able to gain superuser privileges. |
Solution
Apply a patch from your vendor. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian | Affected | 10 Apr 2003 | 11 Apr 2003 |
| MandrakeSoft | Affected | 10 Apr 2003 | 16 Apr 2003 |
| SGI | Affected | - | 10 Apr 2003 |
| Apple Computer Inc. | Not Affected | 10 Apr 2003 | 14 Apr 2003 |
| Foundry Networks Inc. | Not Affected | 10 Apr 2003 | 11 Apr 2003 |
| Hitachi | Not Affected | 10 Apr 2003 | 14 Apr 2003 |
| IBM | Not Affected | 10 Apr 2003 | 16 Jun 2003 |
| Ingrian Networks | Not Affected | 10 Apr 2003 | 10 Apr 2003 |
| NetBSD | Not Affected | 10 Apr 2003 | 11 Apr 2003 |
| Red Hat Inc. | Not Affected | 10 Apr 2003 | 10 Apr 2003 |
| Xerox Corporation | Not Affected | 10 Apr 2003 | 30 May 2003 |
| 3Com | Unknown | 10 Apr 2003 | 10 Apr 2003 |
| Alcatel | Unknown | 10 Apr 2003 | 10 Apr 2003 |
| AT&T | Unknown | 10 Apr 2003 | 10 Apr 2003 |
| Avaya | Unknown | 10 Apr 2003 | 10 Apr 2003 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://lists.netsys.com/pipermail/full-disclosure/2003-April/009167.html
- http://www.mcsr.olemiss.edu/cgi-bin/man-cgi?xfsdump+1
Credit
This vulnerability was discovered by Ethan Benson.
This document was written by Ian A Finlay.
Other Information
- CVE IDs: CAN-2003-0173
- Date Public: 10 Apr 2003
- Date First Published: 10 Apr 2003
- Date Last Updated: 16 Jun 2003
- Severity Metric: 6.75
- Document Revision: 5
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.