Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 14, 2003
Not Affected
xfsdump is not shipped with Mac OS X.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 11, 2003
Affected
Debian fixed this problen in DSA 283 http://www.debian.org/security/2003/dsa-283.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 11, 2003
Not Affected
Foundry Networks is not affected by this vulnerability. Foundry does not use IRIX in any of its products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 14, 2003
Not Affected
Hitachi's HI-UX/WE2 is NOT vulnerable, because it does not have xfsdump.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: June 16, 2003
Not Affected
The issues discussed in CERT Vulnerability Note VU#111673 do not pertain to the AIX operating system.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Not Affected
Ingrian platforms do not include xfsdump and thus are not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 16, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Mandrake Linux Security Update Advisory Package name: xfsdump
Advisory ID: MDKSA-2003:047
Date: April 16th, 2003 Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1 Problem Description: A vulnerability was discovered in xfsdump by Ethan Benson related to
filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to
save the quota information into a file at the root of the filesystem
being dumped, the file is created in an unsafe manner. A new option to xfsdq was added when fixing this vulnerability: '-f path'. This specifies an output file to use instead of the
default output stream. If the file exists already, xfsdq will
abort and if the file doesn't already exist, it will be created
with more appropriate access permissions. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0173 Updated Packages: Corporate Server 2.1: b97c19f2073ca9a620f2f8820aba28f6 corporate/2.1/RPMS/xfsdump-2.0.3-1.1mdk.i586.rpm
da0d22ec03d3d6f7b35f2e36c8b1f0e2 corporate/2.1/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm Mandrake Linux 8.2: 73e9c500cd5bbec4f145727725c5c789 8.2/RPMS/xfsdump-2.0.0-2.1mdk.i586.rpm
5ee2db1da3118a3c70c9f7174ca0e552 8.2/SRPMS/xfsdump-2.0.0-2.1mdk.src.rpm Mandrake Linux 8.2/PPC: 499c9f059274ecad092fdcff10dab1db ppc/8.2/RPMS/xfsdump-2.0.0-2.1mdk.ppc.rpm
5ee2db1da3118a3c70c9f7174ca0e552 ppc/8.2/SRPMS/xfsdump-2.0.0-2.1mdk.src.rpm Mandrake Linux 9.0: b97c19f2073ca9a620f2f8820aba28f6 9.0/RPMS/xfsdump-2.0.3-1.1mdk.i586.rpm
da0d22ec03d3d6f7b35f2e36c8b1f0e2 9.0/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm Mandrake Linux 9.1: f125c26a70fff7b65be5ba7ebefbc8fb 9.1/RPMS/libdm0-2.0.5-1.2mdk.i586.rpm
752075a8a8489ee1961fb107ea9e2b25 9.1/RPMS/libdm0-devel-2.0.5-1.2mdk.i586.rpm
6a0820484e07e3f002758d76e59ace68 9.1/RPMS/xfsdump-2.0.3-1.1mdk.i586.rpm
b2e1d875fc760138b77cb15716724a49 9.1/SRPMS/dmapi-2.0.5-1.2mdk.src.rpm
da0d22ec03d3d6f7b35f2e36c8b1f0e2 9.1/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm Mandrake Linux 9.1/PPC: dd663695c076b47cd234bfa5a82d6b6e ppc/9.1/RPMS/libdm0-2.0.5-1.2mdk.ppc.rpm
d660f273f56ddfacae43471f466d42d8 ppc/9.1/RPMS/libdm0-devel-2.0.5-1.2mdk.ppc.rpm
f8f7274e7d7c8e8ad6717edcd28a6898 ppc/9.1/RPMS/xfsdump-2.0.3-1.1mdk.ppc.rpm
b2e1d875fc760138b77cb15716724a49 ppc/9.1/SRPMS/dmapi-2.0.5-1.2mdk.src.rpm
da0d22ec03d3d6f7b35f2e36c8b1f0e2 ppc/9.1/SRPMS/xfsdump-2.0.3-1.1mdk.src.rpm Bug IDs fixed (see https://qa.mandrakesoft.com for more information): To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command: rpm --checksig
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 11, 2003
Not Affected
The NetBSD Project does not supply code for mounting or maintaining XFS filesystems.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Not Affected
Red Hat does not ship xfsdump in any version of Red Hat Linux or Red Hat Enterprise Linux.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 10, 2003
Affected
Please see SGI Security Advisory 20030404-01-P.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: May 30, 2003
Not Affected
A response to this vulnerability is available from our web site: http://www.xerox.com/security.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 10, 2003 Updated: April 10, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.