CVE-2010-2226low
Description
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
References
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
https://bugzilla.redhat.com/show_bug.cgi?id=605158
http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
http://www.securityfocus.com/bid/40920
http://marc.info/?l=oss-security&m=127677135609357&w=2
http://marc.info/?l=oss-security&m=127687486331790&w=2
http://www.redhat.com/support/errata/RHSA-2010-0610.html
http://www.debian.org/security/2010/dsa-2094
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.ubuntu.com/usn/USN-1000-1
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.vupen.com/english/advisories/2011/0298
http://secunia.com/advisories/43315
http://www.securityfocus.com/archive/1/516397/100/0/threaded