Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A vulnerability was discovered in xfsdump by Ethan Benson related to
filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to
save the quota information into a file at the root of the filesystem
being dumped, the file is created in an unsafe manner.

A new option to xfsdq was added when fixing this vulnerability: '-f
path'. This specifies an output file to use instead of the default
output stream. If the file already exists, xfsdq will abort; if the
file does not exist, it will be created with more appropriate
access permissions.
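
The behaviour described for '-f path' (abort on an existing file, otherwise create it with tighter permissions) maps onto exclusive creation at the open() call. The C code below is an added example, not xfsdq's or the advisory's code; the function names, the 0644/0600 modes and the temp-directory scenario are assumptions chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Illustrative unsafe pattern (an assumption, not xfsdq's code): reuses
 * whatever already sits at the path and requests world-readable mode. */
int unsafe_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Behaviour the advisory describes for '-f path': abort if the file
 * exists, otherwise create it with restrictive permissions. O_EXCL makes
 * the existence check and the creation one atomic step. */
int safe_create(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario in a private temp dir. Returns a bitmask:
 * 1 = safe_create refused an existing file, 2 = that file was untouched,
 * 4 = unsafe_create truncated it, 8 = fresh file has no group/other bits. */
int run_demo(void) {
    char dir[] = "/tmp/quota-demo-XXXXXX", old[64], fresh[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(old, sizeof old, "%s/existing", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh", dir);
    fd = open(old, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data", 4) != 4) return -1;
    close(fd);
    fd = safe_create(old);
    if (fd < 0 && errno == EEXIST) result |= 1;
    if (fd >= 0) close(fd);
    if (stat(old, &st) == 0 && st.st_size == 4) result |= 2;
    fd = unsafe_create(old);
    if (fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0) result |= 4;
    if (fd >= 0) close(fd);
    fd = safe_create(fresh);
    if (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 077) == 0) result |= 8;
    if (fd >= 0) close(fd);
    unlink(old); unlink(fresh); rmdir(dir);
    return result;
}
int main(void) { printf("outcome mask: %d\n", run_demo()); return 0; }
```

A mask of 15 means all four outcomes were observed: the exclusive open left the existing file alone, while the non-exclusive open truncated it.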

Solution :

Update the affected libdm0, libdm0-devel and/or xfsdump packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14031 (mandrake_MDKSA-2003-047.nasl)

Bugtraq ID:

CVE ID: CVE-2003-0173
