CVE-2010-2798

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=728a756b8fcd22d80e2dbba8117a8a3aafd3f203

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

http://secunia.com/advisories/46397

http://securitytracker.com/id?1024386

http://support.avaya.com/css/P8/documents/100113326

http://www.debian.org/security/2010/dsa-2094

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

http://www.openwall.com/lists/oss-security/2010/08/02/1

http://www.openwall.com/lists/oss-security/2010/08/02/10

http://www.redhat.com/support/errata/RHSA-2010-0660.html

http://www.redhat.com/support/errata/RHSA-2010-0670.html

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.securityfocus.com/bid/42124

http://www.ubuntu.com/usn/USN-1000-1

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

https://bugzilla.redhat.com/show_bug.cgi?id=620300

Details

Source: MITRE

Published: 2010-09-08

Updated: 2020-08-14

Type: CWE-476

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_presence_services:6.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_presence_services:6.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_presence_services:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_session_manager:6.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:6.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_manager:6.1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_platform:6.0:-:*:*:*:*:*:*

cpe:2.3:a:avaya:aura_system_platform:6.0:sp1:*:*:*:*:*:*

cpe:2.3:a:avaya:iq:5.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:iq:5.1:*:*:*:*:*:*:*

cpe:2.3:a:avaya:voice_portal:5.0:*:*:*:*:*:*:*

cpe:2.3:a:avaya:voice_portal:5.1:-:*:*:*:*:*:*

cpe:2.3:a:avaya:voice_portal:5.1:sp1:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:-:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:-:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:-:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
89680VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)NessusMisc.
high
79507OracleVM 2.2 : kernel (OVMSA-2013-0039)NessusOracleVM Local Security Checks
high
75548openSUSE Security Update : Kernel (openSUSE-SU-2010:0592-1)NessusSuSE Local Security Checks
high
68106Oracle Linux 5 : kernel (ELSA-2010-0723)NessusOracle Linux Local Security Checks
high
68092Oracle Linux 5 : kernel (ELSA-2010-0661)NessusOracle Linux Local Security Checks
high
67080CentOS 5 : kernel (CESA-2010:0723)NessusCentOS Local Security Checks
high
67079CentOS 5 : kernel (CESA-2010:0661)NessusCentOS Local Security Checks
high
65101Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)NessusUbuntu Local Security Checks
critical
63951RHEL 5 : kernel (RHSA-2010:0670)NessusRed Hat Local Security Checks
high
63950RHEL 5 : kernel (RHSA-2010:0660)NessusRed Hat Local Security Checks
high
56508VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service ConsoleNessusVMware ESX Local Security Checks
high
53669openSUSE Security Update : kernel (openSUSE-SU-2010:0895-2)NessusSuSE Local Security Checks
high
51610SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3068 / 3069 / 3070)NessusSuSE Local Security Checks
critical
50925SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 3358 / 3361 / 3362)NessusSuSE Local Security Checks
high
50044Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2, linux-source-2.6.15 vulnerabilities (USN-1000-1)NessusUbuntu Local Security Checks
critical
49795Mandriva Linux Security Advisory : kernel (MDVSA-2010:198)NessusMandriva Local Security Checks
critical
49746RHEL 5 : kernel (RHSA-2010:0723)NessusRed Hat Local Security Checks
high
49671openSUSE Security Update : kernel (openSUSE-SU-2010:0664-1)NessusSuSE Local Security Checks
critical
49666Mandriva Linux Security Advisory : kernel (MDVSA-2010:188)NessusMandriva Local Security Checks
critical
48935RHEL 5 : kernel (RHSA-2010:0661)NessusRed Hat Local Security Checks
high
48415Fedora 12 : kernel-2.6.32.19-163.fc12 (2010-13110)NessusFedora Local Security Checks
high
48414Fedora 13 : kernel-2.6.33.8-149.fc13 (2010-13058)NessusFedora Local Security Checks
high
48387Debian DSA-2094-1 : linux-2.6 - privilege escalation/denial of service/information leakNessusDebian Local Security Checks
critical