7.5

CVE-2005-2801

Exploit
xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version2.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.37% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

http://www.securityfocus.com/archive/1/427980/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://secunia.com/advisories/17826
Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
Broken Link
http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Patch
Vendor Advisory
Broken Link
http://secunia.com/advisories/18056
Broken Link
http://www.debian.org/security/2005/dsa-922
Third Party Advisory
http://secunia.com/advisories/18059
Broken Link
http://www.debian.org/security/2005/dsa-921
Third Party Advisory
http://secunia.com/advisories/17073
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-514.html
Broken Link
http://secunia.com/advisories/19252
Broken Link
http://www.redhat.com/support/errata/RHSA-2006-0144.html
Broken Link
http://acl.bestbits.at/pipermail/acl-devel/2005-February/001848.html
Exploit
Broken Link
http://lists.debian.org/debian-kernel/2005/08/msg00238.html
Patch
Mailing List
http://www.securityfocus.com/bid/14793
Third Party Advisory
Broken Link
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10495
Broken Link