CVE-2010-2943
XFS - Deleted Inode Local Information Disclosure
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
La implementación xfs en el kernel Linux, en versiones anteriores a la 2.6.35, no busca la asignación de inodes btrees antes de leer los búfer inode, lo que permite a atacantes remotos autenticados leer ficheros no enlazados o leer o sobreescribir bloques de disco que están asignados actualmente a un fichero activo pero que fueron previamente asignados a un fichero no enlazado, accediendo a un manejador de fichero NFS antiguo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-08-04 CVE Reserved
- 2010-09-29 First Exploit
- 2010-09-30 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (27)
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/15155 | 2010-09-29 | |
| http://www.securityfocus.com/bid/42527 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2010/08/18/2 | 2023-02-13 | |
| http://www.openwall.com/lists/oss-security/2010/08/19/5 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=624923 | 2010-09-29 |
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2010-0723.html | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1041-1 | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-1057-1 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2010-2943 | 2010-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.35 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.35" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 4.0 Search vendor "Vmware" for product "Esx" and version "4.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 4.1 Search vendor "Vmware" for product "Esx" and version "4.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Communication Manager Search vendor "Avaya" for product "Aura Communication Manager" | 5.2 Search vendor "Avaya" for product "Aura Communication Manager" and version "5.2" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Presence Services Search vendor "Avaya" for product "Aura Presence Services" | 6.0 Search vendor "Avaya" for product "Aura Presence Services" and version "6.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Presence Services Search vendor "Avaya" for product "Aura Presence Services" | 6.1 Search vendor "Avaya" for product "Aura Presence Services" and version "6.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Presence Services Search vendor "Avaya" for product "Aura Presence Services" | 6.1.1 Search vendor "Avaya" for product "Aura Presence Services" and version "6.1.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Session Manager Search vendor "Avaya" for product "Aura Session Manager" | 1.1 Search vendor "Avaya" for product "Aura Session Manager" and version "1.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Session Manager Search vendor "Avaya" for product "Aura Session Manager" | 5.2 Search vendor "Avaya" for product "Aura Session Manager" and version "5.2" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Session Manager Search vendor "Avaya" for product "Aura Session Manager" | 6.0 Search vendor "Avaya" for product "Aura Session Manager" and version "6.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Manager Search vendor "Avaya" for product "Aura System Manager" | 5.2 Search vendor "Avaya" for product "Aura System Manager" and version "5.2" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Manager Search vendor "Avaya" for product "Aura System Manager" | 6.0 Search vendor "Avaya" for product "Aura System Manager" and version "6.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Manager Search vendor "Avaya" for product "Aura System Manager" | 6.1 Search vendor "Avaya" for product "Aura System Manager" and version "6.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Manager Search vendor "Avaya" for product "Aura System Manager" | 6.1.1 Search vendor "Avaya" for product "Aura System Manager" and version "6.1.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Platform Search vendor "Avaya" for product "Aura System Platform" | 1.1 Search vendor "Avaya" for product "Aura System Platform" and version "1.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Platform Search vendor "Avaya" for product "Aura System Platform" | 6.0 Search vendor "Avaya" for product "Aura System Platform" and version "6.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura System Platform Search vendor "Avaya" for product "Aura System Platform" | 6.0 Search vendor "Avaya" for product "Aura System Platform" and version "6.0" | sp1 |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Voice Portal Search vendor "Avaya" for product "Aura Voice Portal" | 5.0 Search vendor "Avaya" for product "Aura Voice Portal" and version "5.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Voice Portal Search vendor "Avaya" for product "Aura Voice Portal" | 5.1 Search vendor "Avaya" for product "Aura Voice Portal" and version "5.1" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Aura Voice Portal Search vendor "Avaya" for product "Aura Voice Portal" | 5.1 Search vendor "Avaya" for product "Aura Voice Portal" and version "5.1" | sp1 |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Iq Search vendor "Avaya" for product "Iq" | 5.0 Search vendor "Avaya" for product "Iq" and version "5.0" | - |
Affected
| ||||||
| Avaya Search vendor "Avaya" | Iq Search vendor "Avaya" for product "Iq" | 5.1 Search vendor "Avaya" for product "Iq" and version "5.1" | - |
Affected
| ||||||