8.1

CVE-2010-2943

Exploit

EPSS 3.82%
Veröffentlicht 30.09.2010 15:00:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 28

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 2.6.35

Canonical ≫ Ubuntu Linux Version6.06 SwEdition-

Canonical ≫ Ubuntu Linux Version9.10

Canonical ≫ Ubuntu Linux Version10.04 SwEdition-

Canonical ≫ Ubuntu Linux Version10.10

VMware ≫ Esx Version4.0

VMware ≫ Esx Version4.1

Avaya ≫ Aura Communication Manager Version5.2

Avaya ≫ Aura Presence Services Version6.0

Avaya ≫ Aura Presence Services Version6.1

Avaya ≫ Aura Presence Services Version6.1.1

Avaya ≫ Aura Session Manager Version1.1

Avaya ≫ Aura Session Manager Version5.2

Avaya ≫ Aura Session Manager Version6.0

Avaya ≫ Aura System Manager Version5.2

Avaya ≫ Aura System Manager Version6.0

Avaya ≫ Aura System Manager Version6.1

Avaya ≫ Aura System Manager Version6.1.1

Avaya ≫ Aura System Platform Version1.1

Avaya ≫ Aura System Platform Version6.0 Update-

Avaya ≫ Aura System Platform Version6.0 Updatesp1

Avaya ≫ Aura Voice Portal Version5.0

Avaya ≫ Aura Voice Portal Version5.1 Update-

Avaya ≫ Aura Voice Portal Version5.1 Updatesp1

Avaya ≫ Iq Version5.0

Avaya ≫ Iq Version5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.82%	0.877

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/46397

Broken Link

http://support.avaya.com/css/P8/documents/100113326

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0723.html

Broken Link

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

Broken Link

http://secunia.com/advisories/42758

Broken Link

http://www.ubuntu.com/usn/USN-1041-1

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0070

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

http://oss.sgi.com/archives/xfs/2010-06/msg00191.html

Broken Link

http://oss.sgi.com/archives/xfs/2010-06/msg00198.html

Broken Link

http://secunia.com/advisories/43161

Broken Link

http://www.openwall.com/lists/oss-security/2010/08/18/2

Patch

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2010/08/19/5

Patch

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/42527

Third Party Advisory

Exploit

VDB Entry

http://www.ubuntu.com/usn/USN-1057-1

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0280

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=624923

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2010-2943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2943

EUVD