CVE-2010-2071

{"id": "CVE-2010-2071", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-06-16T20:30:02.513", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba", "source": "secalert@redhat.com"}, {"url": "http://lkml.org/lkml/2010/5/17/544", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/11/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/14/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lkml.org/lkml/2010/5/17/544", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/11/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/14/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl."}, {"lang": "es", "value": "La funci\u00f3n btrfs_xattr_set_acl en fs/btrfs/acl.c en btrfs en el kernel de linux v2.6.34 y anteriores no valida quien es el propietario de un archivo antes de establecer una ACL, lo que permite a usuarios locales evitar los permisos de fichero estableciendo ACLs de su elecci\u00f3n como se ha demostrado usando setfacl."}], "lastModified": "2024-11-21T01:15:50.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F9C2DD4-F6BE-4F83-BF87-CEFC4C8771D1", "versionEndIncluding": "2.6.34"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}