Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Network
0

CVE-2010-2943

Disclosure Date: September 30, 2010
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.1 High
Impact Score:
5.2
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None

General Information

Vendors

  • avaya,
  • canonical,
  • linux,
  • vmware

Products

  • aura communication manager 5.2,
  • aura presence services 6.0,
  • aura presence services 6.1,
  • aura presence services 6.1.1,
  • aura session manager 1.1,
  • aura session manager 5.2,
  • aura session manager 6.0,
  • aura system manager 5.2,
  • aura system manager 6.0,
  • aura system manager 6.1,
  • aura system manager 6.1.1,
  • aura system platform 1.1,
  • aura system platform 6.0,
  • aura voice portal 5.0,
  • aura voice portal 5.1,
  • esx 4.0,
  • esx 4.1,
  • iq 5.0,
  • iq 5.1,
  • linux kernel,
  • ubuntu linux 10.04,
  • ubuntu linux 10.10,
  • ubuntu linux 6.06,
  • ubuntu linux 9.10

References

Advisory

Additional Info

Technical Analysis