[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2226Date: (C)2010-09-03   (M)2024-02-22


The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/516397/100/0/threaded
BID-40920
SECUNIA-43315
ADV-2011-0298
DSA-2094
MDVSA-2010:198
RHSA-2010:0610
SUSE-SA:2010:060
SUSE-SA:2011:007
USN-1000-1
http://marc.info/?l=oss-security&m=127677135609357&w=2
http://marc.info/?l=oss-security&m=127687486331790&w=2
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
https://bugzilla.redhat.com/show_bug.cgi?id=605158

CWE    1
CWE-200
OVAL    12
oval:org.secpod.oval:def:700253
oval:org.secpod.oval:def:700243
oval:org.secpod.oval:def:700246
oval:org.secpod.oval:def:700015
...

© SecPod Technologies