Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)

High Nessus Plugin ID 14031


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner.

A new option to xfsdq was added when fixing this vulnerability: '-f path'. This specifies an output file to use instead of the default output stream. If the file already exists, xfsdq will abort; if it does not, it will be created with more appropriate access permissions.
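The fixed behaviour described above (abort if the output file exists, otherwise create it with restrictive permissions) corresponds to an exclusive create in C. This is an added example, not xfsdq source and not part of the advisory; `create_output_exclusive`, `selfcheck` and the scratch path are hypothetical names, and owner-only mode 0600 is an assumed reading of "more appropriate access permissions".

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not xfsdq source: open `path` for writing only if
 * nothing exists there yet. Returns an fd, or -1 with errno set. */
int create_output_exclusive(const char *path)
{
    /* O_CREAT|O_EXCL makes the existence check and the creation one atomic
     * step: an existing file, directory or symlink at `path` gives EEXIST.
     * Mode 0600 is owner-only; the umask can only remove bits from it. */
    return open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
}

/* Self-check in a constructed scratch directory. Returns 0 when a fresh
 * path is created 0600 under umask 0 and a second attempt is refused. */
int selfcheck(void)
{
    char dir[] = "/tmp/quota-demo-XXXXXX";
    char path[64];
    struct stat st;
    int rc = 1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/quota.out", dir);
    mode_t old = umask(0);          /* worst case: umask masks nothing */
    int fd = create_output_exclusive(path);
    if (fd >= 0) {
        int mode_ok = fstat(fd, &st) == 0 && (st.st_mode & 07777) == 0600;
        close(fd);
        errno = 0;
        if (mode_ok && create_output_exclusive(path) == -1 && errno == EEXIST)
            rc = 0;                 /* existing file: abort, as the fix does */
    }
    umask(old);
    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("selfcheck: %s\n", selfcheck() == 0 ? "ok" : "FAILED");
    return 0;
}
```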


Update the affected libdm0, libdm0-devel and/or xfsdump packages.

Plugin Details

Severity: High

ID: 14031

File Name: mandrake_MDKSA-2003-047.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:libdm0, p-cpe:/a:mandriva:linux:libdm0-devel, p-cpe:/a:mandriva:linux:xfsdump, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:9.0, cpe:/o:mandrakesoft:mandrake_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2003/04/16

Reference Information

CVE: CVE-2003-0173

MDKSA: 2003:047