2.1

CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.35.2
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version10.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.339
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-1000-1
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0298
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
Third Party Advisory
Mailing List
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/43291
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0375
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6
http://secunia.com/advisories/41321
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10
Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51
Vendor Advisory
http://www.openwall.com/lists/oss-security/2010/08/20/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2010/08/20/11
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/42589
Third Party Advisory
VDB Entry