Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)
High Nessus Plugin ID 14031
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner.
A new option to xfsdq was added when fixing this vulnerability: '-f path'. This specifies an output file to use instead of the default output stream. If the file exists already, xfsdq will abort and if the file doesn't already exist, it will be created with more appropriate access permissions.
SolutionUpdate the affected libdm0, libdm0-devel and / or xfsdump packages.