Lucene search
HistoryJun 16, 2010 - 8:30 p.m.
CVE-2010-2071
linux
kernel
btrfs
vulnerability
file permissions
acl
nvd
cve-2010-2071
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.
Affected configurations
Node
linuxlinux_kernelRange≤2.6.34
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | le | 2.6.34 |
References
Social References
More
Related
prion
prion
Design/Logic Flaw
2010-06-16 20:30:00
nvd
nvd
CVE-2010-2071
2010-06-16 20:30:02
redhatcve
redhatcve
CVE-2010-2071
2019-10-04 21:50:57
cvelist
cvelist
CVE-2010-2071
2010-06-16 20:00:00
ubuntucve
ubuntucve
CVE-2010-2071
2010-06-16 00:00:00
nessus
nessus
fedora
fedora
[SECURITY] Fedora 13 Update: kernel-2.6.33.6-147.2.4.fc13
2010-08-03 01:11:50
[SECURITY] Fedora 13 Update: kernel-2.6.33.6-147.fc13
2010-07-08 18:24:53
[SECURITY] Fedora 13 Update: kernel-2.6.33.8-149.fc13
2010-08-23 22:09:13
openvas
openvas
Fedora Update for kernel FEDORA-2010-10876
2010-07-12 00:00:00
Fedora Update for kernel FEDORA-2010-11462
2010-08-06 00:00:00
Fedora Update for kernel FEDORA-2010-11462
2010-08-06 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2010-08-04 00:00:00
suse
suse
local privilege escalation in kernel
2010-09-23 16:37:26
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2010-2071