8.1

CVE-2010-2943

Exploit
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.35
CanonicalUbuntu Linux Version6.06 SwEdition-
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
VMwareEsx Version4.0
VMwareEsx Version4.1
AvayaAura Presence Services Version6.0
AvayaAura Presence Services Version6.1
AvayaAura Presence Services Version6.1.1
AvayaAura Session Manager Version1.1
AvayaAura Session Manager Version5.2
AvayaAura Session Manager Version6.0
AvayaAura System Manager Version5.2
AvayaAura System Manager Version6.0
AvayaAura System Manager Version6.1
AvayaAura System Manager Version6.1.1
AvayaAura System Platform Version1.1
AvayaAura System Platform Version6.0 Update-
AvayaAura System Platform Version6.0 Updatesp1
AvayaAura Voice Portal Version5.0
AvayaAura Voice Portal Version5.1 Update-
AvayaAura Voice Portal Version5.1 Updatesp1
AvayaIq Version5.0
AvayaIq Version5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 17.01% 0.967
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/46397
Broken Link
http://support.avaya.com/css/P8/documents/100113326
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0723.html
Broken Link
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
Broken Link
http://secunia.com/advisories/42758
Broken Link
http://www.ubuntu.com/usn/USN-1041-1
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0070
Broken Link
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767
Broken Link
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768
Broken Link
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769
Broken Link
http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
http://oss.sgi.com/archives/xfs/2010-06/msg00191.html
Broken Link
http://oss.sgi.com/archives/xfs/2010-06/msg00198.html
Broken Link
http://secunia.com/advisories/43161
Broken Link
http://www.openwall.com/lists/oss-security/2010/08/18/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2010/08/19/5
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/42527
Third Party Advisory
Exploit
VDB Entry
http://www.ubuntu.com/usn/USN-1057-1
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0280
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=624923
Patch
Third Party Advisory
Issue Tracking