7.8

CVE-2010-4210

Exploit
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreebsdFreebsd Version >= 7.0 < 7.3
FreebsdFreebsd Version8.0 Updatep1
FreebsdFreebsd Version8.0 Updatep2
FreebsdFreebsd Version8.0 Updatep3
FreebsdFreebsd Version8.0 Updatep4
FreebsdFreebsd Version8.0 Updatep5
FreebsdFreebsd Version8.0 Updatep6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.13% 0.622
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://secunia.com/advisories/42200
Vendor Advisory
Broken Link
http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc
Vendor Advisory
http://www.securitytracker.com/id?1024724
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2010/2956
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/63218
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/15206/
Third Party Advisory
Exploit
VDB Entry