[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1146Date: (C)2010-04-12   (M)2024-02-22


The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
EXPLOIT-DB-12130
SECUNIA-39316
BID-39344
OSVDB-63601
http://marc.info/?l=linux-kernel&m=127076012022155&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=568041
kernel-reiserfs-privilege-escalation(57782)

CPE    1
cpe:/o:linux:linux_kernel
CWE    1
CWE-264
OVAL    10
oval:org.secpod.oval:def:100944
oval:org.secpod.oval:def:100921
oval:org.secpod.oval:def:100554
oval:org.secpod.oval:def:101114
...

© SecPod Technologies