Lucene search
HistoryJun 01, 2010 - 8:30 p.m.
CVE-2010-1641
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
High
EPSS
0
Percentile
10.1%
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
Affected configurations
Node
linuxlinux_kernelRange≤2.6.34git9
ORlinuxlinux_kernelMatch2.6.0
ORlinuxlinux_kernelMatch2.6.1
ORlinuxlinux_kernelMatch2.6.2
ORlinuxlinux_kernelMatch2.6.3
ORlinuxlinux_kernelMatch2.6.4
ORlinuxlinux_kernelMatch2.6.5
ORlinuxlinux_kernelMatch2.6.6
ORlinuxlinux_kernelMatch2.6.7
ORlinuxlinux_kernelMatch2.6.8
ORlinuxlinux_kernelMatch2.6.8.1
ORlinuxlinux_kernelMatch2.6.9
ORlinuxlinux_kernelMatch2.6.10
ORlinuxlinux_kernelMatch2.6.11
ORlinuxlinux_kernelMatch2.6.11.1
ORlinuxlinux_kernelMatch2.6.11.2
ORlinuxlinux_kernelMatch2.6.11.3
ORlinuxlinux_kernelMatch2.6.11.4
ORlinuxlinux_kernelMatch2.6.11.5
ORlinuxlinux_kernelMatch2.6.11.6
ORlinuxlinux_kernelMatch2.6.11.7
ORlinuxlinux_kernelMatch2.6.11.8
ORlinuxlinux_kernelMatch2.6.11.9
ORlinuxlinux_kernelMatch2.6.11.10
ORlinuxlinux_kernelMatch2.6.11.11
ORlinuxlinux_kernelMatch2.6.11.12
ORlinuxlinux_kernelMatch2.6.12
ORlinuxlinux_kernelMatch2.6.12.1
ORlinuxlinux_kernelMatch2.6.12.2
ORlinuxlinux_kernelMatch2.6.12.3
ORlinuxlinux_kernelMatch2.6.12.4
ORlinuxlinux_kernelMatch2.6.12.5
ORlinuxlinux_kernelMatch2.6.12.6
ORlinuxlinux_kernelMatch2.6.13
ORlinuxlinux_kernelMatch2.6.13.1
ORlinuxlinux_kernelMatch2.6.13.2
ORlinuxlinux_kernelMatch2.6.13.3
ORlinuxlinux_kernelMatch2.6.13.4
ORlinuxlinux_kernelMatch2.6.13.5
ORlinuxlinux_kernelMatch2.6.14
ORlinuxlinux_kernelMatch2.6.14.1
ORlinuxlinux_kernelMatch2.6.14.3
ORlinuxlinux_kernelMatch2.6.14.4
ORlinuxlinux_kernelMatch2.6.14.5
ORlinuxlinux_kernelMatch2.6.14.6
ORlinuxlinux_kernelMatch2.6.14.7
ORlinuxlinux_kernelMatch2.6.15
ORlinuxlinux_kernelMatch2.6.15.1
ORlinuxlinux_kernelMatch2.6.15.2
ORlinuxlinux_kernelMatch2.6.15.3
ORlinuxlinux_kernelMatch2.6.15.4
ORlinuxlinux_kernelMatch2.6.15.5
ORlinuxlinux_kernelMatch2.6.15.6
ORlinuxlinux_kernelMatch2.6.15.7
ORlinuxlinux_kernelMatch2.6.16
ORlinuxlinux_kernelMatch2.6.16.1
ORlinuxlinux_kernelMatch2.6.16.2
ORlinuxlinux_kernelMatch2.6.16.3
ORlinuxlinux_kernelMatch2.6.16.4
ORlinuxlinux_kernelMatch2.6.16.5
ORlinuxlinux_kernelMatch2.6.16.6
ORlinuxlinux_kernelMatch2.6.16.7
ORlinuxlinux_kernelMatch2.6.16.8
ORlinuxlinux_kernelMatch2.6.16.9
ORlinuxlinux_kernelMatch2.6.16.10
ORlinuxlinux_kernelMatch2.6.16.11
ORlinuxlinux_kernelMatch2.6.16.12
ORlinuxlinux_kernelMatch2.6.16.13
ORlinuxlinux_kernelMatch2.6.16.14
ORlinuxlinux_kernelMatch2.6.16.15
ORlinuxlinux_kernelMatch2.6.16.16
ORlinuxlinux_kernelMatch2.6.16.17
ORlinuxlinux_kernelMatch2.6.16.18
ORlinuxlinux_kernelMatch2.6.16.19
ORlinuxlinux_kernelMatch2.6.16.20
ORlinuxlinux_kernelMatch2.6.16.21
ORlinuxlinux_kernelMatch2.6.16.22
ORlinuxlinux_kernelMatch2.6.16.23
ORlinuxlinux_kernelMatch2.6.16.24
ORlinuxlinux_kernelMatch2.6.16.25
ORlinuxlinux_kernelMatch2.6.16.26
ORlinuxlinux_kernelMatch2.6.16.27
ORlinuxlinux_kernelMatch2.6.16.28
ORlinuxlinux_kernelMatch2.6.16.29
ORlinuxlinux_kernelMatch2.6.16.30
ORlinuxlinux_kernelMatch2.6.16.31
ORlinuxlinux_kernelMatch2.6.17
ORlinuxlinux_kernelMatch2.6.17.1
ORlinuxlinux_kernelMatch2.6.17.2
ORlinuxlinux_kernelMatch2.6.17.3
ORlinuxlinux_kernelMatch2.6.17.4
ORlinuxlinux_kernelMatch2.6.17.5
ORlinuxlinux_kernelMatch2.6.17.6
ORlinuxlinux_kernelMatch2.6.17.7
ORlinuxlinux_kernelMatch2.6.17.8
ORlinuxlinux_kernelMatch2.6.17.9
ORlinuxlinux_kernelMatch2.6.17.10
ORlinuxlinux_kernelMatch2.6.17.11
ORlinuxlinux_kernelMatch2.6.17.12
ORlinuxlinux_kernelMatch2.6.17.13
ORlinuxlinux_kernelMatch2.6.17.14
ORlinuxlinux_kernelMatch2.6.18.1
ORlinuxlinux_kernelMatch2.6.18.2
ORlinuxlinux_kernelMatch2.6.18.3
ORlinuxlinux_kernelMatch2.6.18.4
ORlinuxlinux_kernelMatch2.6.18.5
ORlinuxlinux_kernelMatch2.6.18.6
ORlinuxlinux_kernelMatch2.6.18.7
ORlinuxlinux_kernelMatch2.6.18.8
ORlinuxlinux_kernelMatch2.6.22
ORlinuxlinux_kernelMatch2.6.22.2
ORlinuxlinux_kernelMatch2.6.22.3
ORlinuxlinux_kernelMatch2.6.22.4
ORlinuxlinux_kernelMatch2.6.22.5
ORlinuxlinux_kernelMatch2.6.22.6
ORlinuxlinux_kernelMatch2.6.22.7
ORlinuxlinux_kernelMatch2.6.23
ORlinuxlinux_kernelMatch2.6.23rc1
ORlinuxlinux_kernelMatch2.6.23rc2
ORlinuxlinux_kernelMatch2.6.23.1
ORlinuxlinux_kernelMatch2.6.23.2
ORlinuxlinux_kernelMatch2.6.23.3
ORlinuxlinux_kernelMatch2.6.23.4
ORlinuxlinux_kernelMatch2.6.23.5
ORlinuxlinux_kernelMatch2.6.23.6
ORlinuxlinux_kernelMatch2.6.23.7
ORlinuxlinux_kernelMatch2.6.24rc1
ORlinuxlinux_kernelMatch2.6.24rc2
ORlinuxlinux_kernelMatch2.6.24rc3
ORlinuxlinux_kernelMatch2.6.24rc4
ORlinuxlinux_kernelMatch2.6.24rc5
ORlinuxlinux_kernelMatch2.6.32
ORlinuxlinux_kernelMatch2.6.32.1
ORlinuxlinux_kernelMatch2.6.32.2
ORlinuxlinux_kernelMatch2.6.32.3
ORlinuxlinux_kernelMatch2.6.32.4
ORlinuxlinux_kernelMatch2.6.33
ORlinuxlinux_kernelMatch2.6.33rc1
ORlinuxlinux_kernelMatch2.6.33rc2
ORlinuxlinux_kernelMatch2.6.33rc3
ORlinuxlinux_kernelMatch2.6.33rc4
ORlinuxlinux_kernelMatch2.6.33rc5
ORlinuxlinux_kernelMatch2.6.33rc6
ORlinuxlinux_kernelMatch2.6.33.1
ORlinuxlinux_kernelMatch2.6.33.2
ORlinuxlinux_kernelMatch2.6.34git1
ORlinuxlinux_kernelMatch2.6.34git2
ORlinuxlinux_kernelMatch2.6.34git3
ORlinuxlinux_kernelMatch2.6.34git4
ORlinuxlinux_kernelMatch2.6.34git5
ORlinuxlinux_kernelMatch2.6.34git6
ORlinuxlinux_kernelMatch2.6.34git7
ORlinuxlinux_kernelMatch2.6.34git8
ORlinuxlinux_kernelMatch2.6.34rc1
ORlinuxlinux_kernelMatch2.6.34rc2
ORlinuxlinux_kernelMatch2.6.34rc3
ORlinuxlinux_kernelMatch2.6.34rc4
ORlinuxlinux_kernelMatch2.6.34rc5
ORlinuxlinux_kernelMatch2.6.34rc6
ORlinuxlinux_kernelMatch2.6.34rc7
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7df0e0397b9a18358573274db9fdab991941062f
lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html
secunia.com/advisories/40645
secunia.com/advisories/43315
www.kernel.org/pub/linux/kernel/v2.6/snapshots/incr/patch-2.6.34-git9-git10.bz2
www.openwall.com/lists/oss-security/2010/05/25/1
www.openwall.com/lists/oss-security/2010/05/25/12
www.openwall.com/lists/oss-security/2010/05/26/1
www.securityfocus.com/archive/1/516397/100/0/threaded
www.securityfocus.com/bid/40356
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vupen.com/english/advisories/2010/1857
bugzilla.redhat.com/show_bug.cgi?id=595579
exchange.xforce.ibmcloud.com/vulnerabilities/58926
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9916
www.redhat.com/archives/cluster-devel/2010-May/msg00049.html
Related
prion
prion
Design/Logic Flaw
2010-06-01 20:30:00
cvelist
cvelist
CVE-2010-1641
2010-06-01 20:00:00
ubuntucve
ubuntucve
CVE-2010-1641
2010-06-01 00:00:00
cve
cve
CVE-2010-1641
2010-06-01 20:30:02
veracode
veracode
Authorization Bypass
2020-04-10 00:51:24
nessus
nessus
openSUSE Security Update : kernel (openSUSE-SU-2010:0397-1)
2010-07-21 00:00:00
suse
suse
local privilege escalation in kernel
2010-08-02 13:03:12
remote denial of service in kernel
2010-07-20 16:48:50
local privilege escalation in kernel
2010-09-23 16:37:26
openvas
openvas
SuSE Update for kernel SUSE-SA:2010:031
2010-07-23 00:00:00
SuSE Update for kernel SUSE-SA:2010:031
2010-07-23 00:00:00
Oracle: Security Advisory (ELSA-2010-0504)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2010:0504) Important: kernel security and bug fix update
2010-07-01 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2010-07-01 00:00:00
Oracle Linux 5.6 kernel security and bug fix update
2011-01-20 00:00:00
centos
centos
kernel security update
2010-07-02 11:14:40
ubuntu
ubuntu
Linux kernel vulnerabilities
2010-08-04 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
High
EPSS
0
Percentile
10.1%
Related for NVD:CVE-2010-1641