SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#111673

SGI IRIX "xfsdump" creates quota information files insecurely

Overview

A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected.

I. Description

From the xfsdump man page:

    xfsdump backs up files and their attributes in a filesystem. The files are dumped to storage media, a regular file, or standard output. Options allow the operator to have all files dumped, just files that have changed since a previous dump, or just files contained in a list of pathnames.

xfsdump does not create quota files in a secure manner. As a result, a local attacker may be able to gain superuser privileges on a vulnerable system. For more details, please see SGI Security Advisory 20030404-01-P.

II. Impact

A local attacker may be able to gain superuser privileges.

III. Solution

Apply a patch from your vendor.

Systems Affected

VendorStatusDate NotifiedDate Updated
3ComUnknown10-Apr-2003
AlcatelUnknown10-Apr-2003
Apple Computer Inc.Not Vulnerable14-Apr-2003
AT&TUnknown10-Apr-2003
AvayaUnknown10-Apr-2003
BSDIUnknown10-Apr-2003
Cisco Systems Inc.Unknown10-Apr-2003
Computer AssociatesUnknown10-Apr-2003
ConectivaUnknown10-Apr-2003
Cray Inc.Unknown10-Apr-2003
D-Link SystemsUnknown10-Apr-2003
Data GeneralUnknown10-Apr-2003
DebianVulnerable11-Apr-2003
EngardeUnknown10-Apr-2003
F5 NetworksUnknown10-Apr-2003
Foundry Networks Inc.Not Vulnerable11-Apr-2003
FreeBSDUnknown10-Apr-2003
FujitsuUnknown10-Apr-2003
Hewlett-Packard CompanyUnknown10-Apr-2003
HitachiNot Vulnerable14-Apr-2003
IBMNot Vulnerable16-Jun-2003
Ingrian NetworksNot Vulnerable10-Apr-2003
IntelUnknown10-Apr-2003
Juniper NetworksUnknown10-Apr-2003
LachmanUnknown10-Apr-2003
Lotus SoftwareUnknown10-Apr-2003
Lucent TechnologiesUnknown10-Apr-2003
MandrakeSoftVulnerable16-Apr-2003
Microsoft CorporationUnknown10-Apr-2003
MontaVista SoftwareUnknown10-Apr-2003
Multi-Tech Systems Inc.Unknown10-Apr-2003
MultinetUnknown10-Apr-2003
NEC CorporationUnknown10-Apr-2003
NetBSDNot Vulnerable11-Apr-2003
NetScreenUnknown10-Apr-2003
Network ApplianceUnknown10-Apr-2003
NeXTUnknown10-Apr-2003
NokiaUnknown10-Apr-2003
Nortel NetworksUnknown10-Apr-2003
OpenBSDUnknown10-Apr-2003
Openwall GNU/*/LinuxUnknown10-Apr-2003
Oracle CorporationUnknown10-Apr-2003
Red Hat Inc.Not Vulnerable10-Apr-2003
Riverstone NetworksUnknown10-Apr-2003
SCOUnknown10-Apr-2003
SequentUnknown10-Apr-2003
SGIVulnerable10-Apr-2003
Sony CorporationUnknown10-Apr-2003
Sun Microsystems Inc.Unknown10-Apr-2003
SuSE Inc.Unknown10-Apr-2003
UnisysUnknown10-Apr-2003
Wind River Systems Inc.Unknown10-Apr-2003
WirexUnknown10-Apr-2003
Xerox CorporationNot Vulnerable30-May-2003
ZyXELUnknown10-Apr-2003

References


http://lists.netsys.com/pipermail/full-disclosure/2003-April/009167.html
http://www.mcsr.olemiss.edu/cgi-bin/man-cgi?xfsdump+1

Credit

This vulnerability was discovered by Ethan Benson.

This document was written by Ian A Finlay.

Other Information

Date Public:2003-04-10
Date First Published:2003-04-10
Date Last Updated:2003-06-16
CERT Advisory: 
CVE-ID(s):CAN-2003-0173
NVD-ID(s):CAN-2003-0173
US-CERT Technical Alerts: 
Metric:6.75
Document Revision:5

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader