CVE-2010-2071

Опубликовано: 16 июн. 2010

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

Ссылки

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba
http://lkml.org/lkml/2010/5/17/544
Exploit
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/11/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/14/2
Mailing List
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba
http://lkml.org/lkml/2010/5/17/544
Exploit
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/11/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/14/2
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 2.6.34 (включая)

EPSS

Процентиль: 19%

0.00061

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2010-2071

ubuntu

больше 15 лет назад

CVE-2010-2071

debian

больше 15 лет назад

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Lin ...

GHSA-8qmq-69vr-c6cq

github

больше 3 лет назад

EPSS

Процентиль: 19%

0.00061

Низкий

4.6 Medium

CVSS2

Дефекты

CWE-264