PRIOn knowledge basePRION:CVE-2010-2226Arbitrary file deletion
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
References
archives.free.net.ph/message/20100616.130710.301704aa.en.html
archives.free.net.ph/message/20100616.135735.40f53a32.en.html
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63
lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
secunia.com/advisories/43315
www.debian.org/security/2010/dsa-2094
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
www.mandriva.com/security/advisories?name=MDVSA-2010:198
www.redhat.com/support/errata/RHSA-2010-0610.html
www.securityfocus.com/archive/1/516397/100/0/threaded
www.securityfocus.com/bid/40920
www.ubuntu.com/usn/USN-1000-1
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vupen.com/english/advisories/2011/0298
bugzilla.redhat.com/show_bug.cgi?id=605158
marc.info/?l=oss-security&m=127677135609357&w=2
marc.info/?l=oss-security&m=127687486331790&w=2
Related
