CVE-2010-1146
published 2010-04-12
CVE-2010-1146: The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows…
Priority: P4, 31, medium; CVSS 2.0 score 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.82% (76.1th percentile)
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.33.2 | — |
CVSS provenance
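| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 6.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.7 | MEDIUM | — |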
GHSA
GHSA-mhg9-c3jh-ww6w: The Linux kernel 2
ghsa_unreviewed·2022-05-02
CVE-2010-1146 [MEDIUM] GHSA-mhg9-c3jh-ww6w: The Linux kernel 2
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
Ubuntu
Linux kernel regression
vendor_ubuntu·2010-06-04·CVSS 4.7
CVE-2010-0419 [MEDIUM] Linux kernel regression
Title: Linux kernel regression
Summary: KVM regressed under some conditions in the Linux kernel.
USN-947-1 fixed vulnerabilities in the Linux kernel. Fixes for
CVE-2010-0419 caused failures when using KVM in certain situations.
This update reverts that fix until a better solution can be found.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Linux kernel did not correctly handle memory
protection of the Virtual Dynamic Shared Object page when running
a 32-bit application on a 64-bit kernel. A local attacker could
exploit this to cause a denial of service. (Only affected Ubuntu 6.06
LTS.) (CVE-2009-4271)
It was discovered that the r8169 network driver did not correctly check
the size of Ethernet frames. A remote attacker could send specially
cr
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2010-06-03·CVSS 4.7
CVE-2009-4271 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Multiple flaws in the Linux kernel.
It was discovered that the Linux kernel did not correctly handle memory
protection of the Virtual Dynamic Shared Object page when running
a 32-bit application on a 64-bit kernel. A local attacker could
exploit this to cause a denial of service. (Only affected Ubuntu 6.06
LTS.) (CVE-2009-4271)
It was discovered that the r8169 network driver did not correctly check
the size of Ethernet frames. A remote attacker could send specially
crafted traffic to crash the system, leading to a denial of service.
(CVE-2009-4537)
Wei Yongjun discovered that SCTP did not correctly validate certain
chunks. A remote attacker could send specially crafted traffic to
monopolize CPU resources, leading to a denial of service. (Onl
Red Hat
CVE-2010-1146 Kernel allows access to .reiserfs_priv
vendor_redhat·CVSS 6.9
CVE-2010-1146 [MEDIUM] CVE-2010-1146 Kernel allows access to .reiserfs_priv
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
Statement: Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for reiserfs and therefore are not affected by this issue.
No detection rules found.
Bugzilla
CVE-2010-1146 Kernel allows access to .reiserfs_priv
bugzilla·2010-02-24·CVSS 6.9
CVE-2010-1146 [MEDIUM] CVE-2010-1146 Kernel allows access to .reiserfs_priv
Description of problem:
The kernel allows processes to access the internal ".reiserfs_priv" directory at the top of a reiserfs filesystem which is used to store xattrs. Permissions are not enforced in that tree, so unprivileged users can view and potentially modify the xattrs on arbitrary files.
Version-Release number of selected component (if applicable):
kernel-2.6.31.12-174.2.22.fc12.x86_64
How reproducible:
Always
Steps to Reproduce:
As root:
```
truncate --size 64M test.reiserfs
mkreiserfs -f test.reiserfs
mkdir /mnt/test
mount -o loop,rw,user_xattr test.reiserfs /mnt/test
setfattr -n user.test -v myvalue /mnt/test
```
As an unprivileged user:
```
ls -l /mnt/test/.reiserfs_priv/xattrs/2.0
rm /mnt/test/.reiserfs_priv/xattrs/2.0/user.test #
```
arXiv
The Security War in File Systems: An Empirical Study from A Vulnerability-Centric Perspective
arxiv_fulltext·2022-04-26
## Abstract
This paper presents a systematic study on the security of modern file systems,
following a vulnerability-centric perspective. Specifically,
we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years.
We characterize them from four dimensions that include why the vulnerabilities appear,
how the vulnerabilities can be exploited, what consequences can arise,
and how the vulnerabilities are fixed. This way, we build a deep understanding of
the attack surfaces faced by file systems, the threats imposed by the attack surfaces,
and the good and bad practices in mitigating the attacks in file systems. We envision that our study
will bring insights toward
http://marc.info/?l=linux-kernel&m=127076012022155&w=2
http://osvdb.org/63601
http://secunia.com/advisories/39316
http://www.exploit-db.com/exploits/12130
http://www.securityfocus.com/bid/39344
https://bugzilla.redhat.com/show_bug.cgi?id=568041
https://exchange.xforce.ibmcloud.com/vulnerabilities/57782