[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2943Date: (C)2010-09-30   (M)2024-02-22


The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 8.1CVSS Score : 6.4
Exploit Score: 2.8Exploit Score: 10.0
Impact Score: 5.2Impact Score: 4.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: PARTIAL
Confidentiality: HIGHAvailability: NONE
Integrity: HIGH 
Availability: NONE 
  
Reference:
http://www.securityfocus.com/archive/1/520102/100/0/threaded
BID-42527
SECUNIA-42758
SECUNIA-43161
SECUNIA-46397
ADV-2011-0070
ADV-2011-0280
RHSA-2010:0723
USN-1041-1
USN-1057-1
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769
http://www.openwall.com/lists/oss-security/2010/08/18/2
http://www.openwall.com/lists/oss-security/2010/08/19/5
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html
http://oss.sgi.com/archives/xfs/2010-06/msg00198.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
http://support.avaya.com/css/P8/documents/100113326
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=624923

CWE    1
CWE-200
OVAL    10
oval:org.secpod.oval:def:201819
oval:org.secpod.oval:def:700253
oval:org.secpod.oval:def:700243
oval:org.secpod.oval:def:700246
...

© SecPod Technologies