TUCoPS :: SGI :: a6138.htm

xfsdump insecure file creation
11th Apr 2003 [SBWID-6138]

	xfsdump insecure file creation


	IRIX versions prior to 6.5.20 (6.5.20 is immune)


	In SGI Security Advisory 20030404-01-P:
	It's  been  reported  that  xfsdump  creates  quota  information   files
	insecurely, possibly leading to a root exploit by a local user.
	See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0173
	SGI has investigated the issue and recommends the  following  steps  for
	neutralizing the exposure. It is HIGHLY RECOMMENDED that these  measures
	be implemented on ALL vulnerable SGI systems.
	These issues have been corrected with patches and in future releases  of


	There is no effective workaround available for  these  problems  if  you
	need to use xfsdump on  xfs  filesystems  with  quotas.  SGI  recommends
	either upgrading to IRIX 6.5.20  (when  available),  or  installing  the
	appropriate patch available from vendor.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH