Lucene search

Veracode Vulnerability DatabaseVERACODE:24293

HistoryApr 10, 2020 - 12:51 a.m.

Authorization Bypass

2020-04-1000:51:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

kernel is vulnerable to authorization bypass. A flaw was found in the Linux kernel’s XFS file system implementation. The file handle lookup could return an invalid inode as valid. If an XFS file system was mounted via NFS (Network File System), a local attacker could access stale data or overwrite existing data that reused the inodes.

CPENameOperatorVersion
kerneleq2.6.18__92.1.6.el5
kerneleq2.6.18__92.1.26.el5
kerneleq2.6.18__92.1.18.el5
kerneleq2.6.18__92.1.13.el5
kerneleq2.6.18__194.el5
kerneleq2.6.18__128.1.10.el5
kerneleq2.6.18__164.el5
kerneleq2.6.18__92.el5
kerneleq2.6.18__128.1.1.el5
kerneleq2.6.18__8.1.6.el5

Name	Operator	Version
kernel	eq	2.6.18__92.1.6.el5
kernel	eq	2.6.18__92.1.26.el5
kernel	eq	2.6.18__92.1.18.el5
kernel	eq	2.6.18__92.1.13.el5
kernel	eq	2.6.18__194.el5
kernel	eq	2.6.18__128.1.10.el5
kernel	eq	2.6.18__164.el5
kernel	eq	2.6.18__92.el5
kernel	eq	2.6.18__128.1.1.el5
kernel	eq	2.6.18__8.1.6.el5

Rows per page:

1-10 of 1021

References

article.gmane.org/gmane.comp.file-systems.xfs.general/33767

article.gmane.org/gmane.comp.file-systems.xfs.general/33768

article.gmane.org/gmane.comp.file-systems.xfs.general/33769

article.gmane.org/gmane.comp.file-systems.xfs.general/33771

docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.5_Technical_Notes/kernel.html#id3512212

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa

oss.sgi.com/archives/xfs/2010-06/msg00191.html

oss.sgi.com/archives/xfs/2010-06/msg00198.html

secunia.com/advisories/42758

secunia.com/advisories/43161

secunia.com/advisories/46397

support.avaya.com/css/P8/documents/100113326

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

www.openwall.com/lists/oss-security/2010/08/18/2

www.openwall.com/lists/oss-security/2010/08/19/5

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2010-0723.html

www.securityfocus.com/archive/1/520102/100/0/threaded

www.securityfocus.com/bid/42527

www.ubuntu.com/usn/USN-1041-1

www.ubuntu.com/usn/USN-1057-1

www.vmware.com/security/advisories/VMSA-2011-0012.html

www.vupen.com/english/advisories/2011/0070

www.vupen.com/english/advisories/2011/0280

access.redhat.com/errata/RHSA-2010:0723

bugzilla.redhat.com/show_bug.cgi?id=624923

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

Related for VERACODE:24293