CVE-2007-2654
SUSE Linux - Race Condition in xfs_fsr Temporary Directory Creation
Title source: llmDescription
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
References (10)
Core 10
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25761
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23922
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36716
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26867
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-516-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25425
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_10_sr.html
Exploit x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417894
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25220
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:134
Scores
EPSS
0.0004
EPSS Percentile
13.1%
Details
CWE
CWE-362
Status
published
Products (9)
suse/opensuse
10.2
suse/suse_linux
1.0
suse/suse_linux
8
suse/suse_linux
9.0
suse/suse_linux_openexchange_server
4.0
suse/suse_linux_school_server
gold
suse/suse_linux_standard_server
8.0
suse/suse_open_enterprise_server
9
xfsdump/xfsdump
2.2.38
Published
May 14, 2007
Tracked Since
Feb 18, 2026