Lucene search

[email protected]NVD:CVE-2010-2943

HistorySep 30, 2010 - 3:00 p.m.

CVE-2010-2943

2010-09-3015:00:01

CWE-200

[email protected]

web.nvd.nist.gov

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Affected configurations

NVD

Node

linuxlinux_kernelRange<2.6.35

Node

canonicalubuntu_linuxMatch6.06-

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

Node

vmwareesxMatch4.0

vmwareesxMatch4.1

Node

avayaaura_communication_managerMatch5.2

avayaaura_presence_servicesMatch6.0

avayaaura_presence_servicesMatch6.1

avayaaura_presence_servicesMatch6.1.1

avayaaura_session_managerMatch1.1

avayaaura_session_managerMatch5.2

avayaaura_session_managerMatch6.0

avayaaura_system_managerMatch5.2

avayaaura_system_managerMatch6.0

avayaaura_system_managerMatch6.1

avayaaura_system_managerMatch6.1.1

avayaaura_system_platformMatch1.1

avayaaura_system_platformMatch6.0-

avayaaura_system_platformMatch6.0sp1

avayaaura_voice_portalMatch5.0

avayaaura_voice_portalMatch5.1-

avayaaura_voice_portalMatch5.1sp1

avayaiqMatch5.0

avayaiqMatch5.1

References

article.gmane.org/gmane.comp.file-systems.xfs.general/33767

article.gmane.org/gmane.comp.file-systems.xfs.general/33768

article.gmane.org/gmane.comp.file-systems.xfs.general/33769

article.gmane.org/gmane.comp.file-systems.xfs.general/33771

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

oss.sgi.com/archives/xfs/2010-06/msg00191.html

oss.sgi.com/archives/xfs/2010-06/msg00198.html

secunia.com/advisories/42758

secunia.com/advisories/43161

secunia.com/advisories/46397

support.avaya.com/css/P8/documents/100113326

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

www.openwall.com/lists/oss-security/2010/08/18/2

www.openwall.com/lists/oss-security/2010/08/19/5

www.redhat.com/support/errata/RHSA-2010-0723.html

www.securityfocus.com/archive/1/520102/100/0/threaded

www.securityfocus.com/bid/42527

www.ubuntu.com/usn/USN-1041-1

www.ubuntu.com/usn/USN-1057-1

www.vmware.com/security/advisories/VMSA-2011-0012.html

www.vupen.com/english/advisories/2011/0070

www.vupen.com/english/advisories/2011/0280

bugzilla.redhat.com/show_bug.cgi?id=624923

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for NVD:CVE-2010-2943

ubuntucve1 cve1 cvelist1 veracode1 prion1 nessus12 oraclelinux2 openvas19 ubuntu7 centos1 redhat1 suse1 vmware2