8.1
CVE-2010-2943
- EPSS 17.01%
- Veröffentlicht 30.09.2010 15:00:01
- Zuletzt bearbeitet 16.06.2026 23:21:48
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.35
Canonical ≫ Ubuntu Linux Version6.06 SwEdition-
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version10.10
Avaya ≫ Aura Communication Manager Version5.2
Avaya ≫ Aura Presence Services Version6.0
Avaya ≫ Aura Presence Services Version6.1
Avaya ≫ Aura Presence Services Version6.1.1
Avaya ≫ Aura Session Manager Version1.1
Avaya ≫ Aura Session Manager Version5.2
Avaya ≫ Aura Session Manager Version6.0
Avaya ≫ Aura System Manager Version5.2
Avaya ≫ Aura System Manager Version6.0
Avaya ≫ Aura System Manager Version6.1
Avaya ≫ Aura System Manager Version6.1.1
Avaya ≫ Aura System Platform Version1.1
Avaya ≫ Aura System Platform Version6.0 Update-
Avaya ≫ Aura System Platform Version6.0 Updatesp1
Avaya ≫ Aura Voice Portal Version5.0
Avaya ≫ Aura Voice Portal Version5.1 Update-
Avaya ≫ Aura Voice Portal Version5.1 Updatesp1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.01% | 0.967 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/46397
http://support.avaya.com/css/P8/documents/100113326
http://www.redhat.com/support/errata/RHSA-2010-0723.html
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://secunia.com/advisories/42758
http://www.ubuntu.com/usn/USN-1041-1
http://www.vupen.com/english/advisories/2011/0070
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html
http://oss.sgi.com/archives/xfs/2010-06/msg00198.html
http://secunia.com/advisories/43161
http://www.openwall.com/lists/oss-security/2010/08/18/2
http://www.openwall.com/lists/oss-security/2010/08/19/5
http://www.securityfocus.com/bid/42527
http://www.ubuntu.com/usn/USN-1057-1
http://www.vupen.com/english/advisories/2011/0280
https://bugzilla.redhat.com/show_bug.cgi?id=624923