[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2066Date: (C)2010-09-08   (M)2024-02-22


The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score : 2.1
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: NONEAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
http://www.securityfocus.com/archive/1/516397/100/0/threaded
SECUNIA-43315
RHSA-2010:0610
SUSE-SA:2010:033
USN-1000-1
http://www.openwall.com/lists/oss-security/2010/06/07/1
http://www.openwall.com/lists/oss-security/2010/06/09/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=601006

OVAL    13
oval:org.secpod.oval:def:700253
oval:org.secpod.oval:def:700243
oval:org.secpod.oval:def:700246
oval:org.secpod.oval:def:700015
...

© SecPod Technologies