4.6

CVE-2010-2071

Exploit

EPSS 0.06%
Veröffentlicht 16.06.2010 20:30:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 2.6.34

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba

http://lkml.org/lkml/2010/5/17/544

Patch

Third Party Advisory

Exploit

http://www.openwall.com/lists/oss-security/2010/06/11/3

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2010/06/14/2

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2010-2071

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2071

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2071

EUVD