CVE-2010-2943

MEDIUM

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

References

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa

http://oss.sgi.com/archives/xfs/2010-06/msg00191.html

http://oss.sgi.com/archives/xfs/2010-06/msg00198.html

http://secunia.com/advisories/42758

http://secunia.com/advisories/43161

http://secunia.com/advisories/46397

http://support.avaya.com/css/P8/documents/100113326

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

http://www.openwall.com/lists/oss-security/2010/08/18/2

http://www.openwall.com/lists/oss-security/2010/08/19/5

http://www.redhat.com/support/errata/RHSA-2010-0723.html

http://www.securityfocus.com/archive/1/520102/100/0/threaded

http://www.securityfocus.com/bid/42527

http://www.ubuntu.com/usn/USN-1041-1

http://www.ubuntu.com/usn/USN-1057-1

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

http://www.vupen.com/english/advisories/2011/0070

http://www.vupen.com/english/advisories/2011/0280

https://bugzilla.redhat.com/show_bug.cgi?id=624923

Details

Source: MITRE

Published: 2010-09-30

Updated: 2020-08-10

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 6.4

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Impact Score: 5.2

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
89680VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0012) (remote check)NessusMisc.
high
68172Oracle Linux 5 : Unbreakable Enterprise kernel (ELSA-2010-2008)NessusOracle Linux Local Security Checks
high
68106Oracle Linux 5 : kernel (ELSA-2010-0723)NessusOracle Linux Local Security Checks
high
67080CentOS 5 : kernel (CESA-2010:0723)NessusCentOS Local Security Checks
high
65101Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)NessusUbuntu Local Security Checks
critical
65103Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1)NessusUbuntu Local Security Checks
high
56508VMSA-2011-0012 : VMware ESXi and ESX updates to third-party libraries and ESX Service ConsoleNessusVMware ESX Local Security Checks
high
52597SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043)NessusSuSE Local Security Checks
high
52475Ubuntu 8.04 LTS : linux vulnerabilities (USN-1072-1)NessusUbuntu Local Security Checks
high
51870Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-1057-1)NessusUbuntu Local Security Checks
high
51453Ubuntu 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1041-1)NessusUbuntu Local Security Checks
high
49746RHEL 5 : kernel (RHSA-2010:0723)NessusRed Hat Local Security Checks
high