Vulnerabilities > CVE-2003-0173
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-047.NASL description A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner. A new option to xfsdq was added when fixing this vulnerability: last seen 2020-06-01 modified 2020-06-02 plugin id 14031 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14031 title Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:047. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14031); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0173"); script_xref(name:"MDKSA", value:"2003:047"); script_name(english:"Mandrake Linux Security Advisory : xfsdump (MDKSA-2003:047)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner. A new option to xfsdq was added when fixing this vulnerability: '-f path'. This specifies an output file to use instead of the default output stream. If the file exists already, xfsdq will abort and if the file doesn't already exist, it will be created with more appropriate access permissions." ); script_set_attribute( attribute:"solution", value:"Update the affected libdm0, libdm0-devel and / or xfsdump packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libdm0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libdm0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xfsdump"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/04/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"xfsdump-2.0.0-2.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"xfsdump-2.0.3-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libdm0-2.0.5-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libdm0-devel-2.0.5-1.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"xfsdump-2.0.3-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-283.NASL description Ethan Benson discovered a problem in xfsdump, that contains administrative utilities for the XFS filesystem. When filesystem quotas are enabled xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped. The manner in which this file is created is unsafe. While fixing this, a new option last seen 2020-06-01 modified 2020-06-02 plugin id 15120 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15120 title Debian DSA-283-1 : xfsdump - insecure file creation code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-283. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15120); script_version("1.22"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2003-0173"); script_bugtraq_id(7321); script_xref(name:"CERT", value:"111673"); script_xref(name:"DSA", value:"283"); script_name(english:"Debian DSA-283-1 : xfsdump - insecure file creation"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Ethan Benson discovered a problem in xfsdump, that contains administrative utilities for the XFS filesystem. When filesystem quotas are enabled xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped. The manner in which this file is created is unsafe. While fixing this, a new option '-f path' has been added to xfsdq(8) to specify an output file instead of using the standard output stream. This file is created by xfsdq and xfsdq will fail to run if it exists already. The file is also created with a more appropriate mode than whatever the umask happened to be when xfsdump(8) was run." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-283" ); script_set_attribute( attribute:"solution", value: "Upgrade the xfsdump package immediately. For the stable distribution (woody) this problem has been fixed in version 2.0.1-2. The old stable distribution (potato) is not affected since it doesn't contain xfsdump packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xfsdump"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/04/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"xfsdump", reference:"2.0.1-2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");