The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767 - Broken Link | |
References | () http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768 - Broken Link | |
References | () http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769 - Broken Link | |
References | () http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771 - Broken Link | |
References | () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188 - | |
References | () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d - | |
References | () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa - | |
References | () http://oss.sgi.com/archives/xfs/2010-06/msg00191.html - Broken Link | |
References | () http://oss.sgi.com/archives/xfs/2010-06/msg00198.html - Broken Link | |
References | () http://secunia.com/advisories/42758 - Broken Link | |
References | () http://secunia.com/advisories/43161 - Broken Link | |
References | () http://secunia.com/advisories/46397 - Broken Link | |
References | () http://support.avaya.com/css/P8/documents/100113326 - Third Party Advisory | |
References | () http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 - Broken Link | |
References | () http://www.openwall.com/lists/oss-security/2010/08/18/2 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2010/08/19/5 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2010-0723.html - Broken Link | |
References | () http://www.securityfocus.com/archive/1/520102/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/42527 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/USN-1041-1 - Third Party Advisory | |
References | () http://www.ubuntu.com/usn/USN-1057-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2011-0012.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2011/0070 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2011/0280 - Broken Link | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=624923 - Issue Tracking, Patch, Third Party Advisory |
Information
Published : 2010-09-30 15:00
Updated : 2024-11-21 01:17
NVD link : CVE-2010-2943
Mitre link : CVE-2010-2943
CVE.ORG link : CVE-2010-2943
JSON object : View
Products Affected
avaya
- aura_system_platform
- iq
- aura_voice_portal
- aura_communication_manager
- aura_session_manager
- aura_presence_services
- aura_system_manager
canonical
- ubuntu_linux
linux
- linux_kernel
vmware
- esx
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor