CVE-2010-2943
Summary
| CVE | CVE-2010-2943 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-09-30 15:00:00 UTC |
| Updated | 2023-02-13 04:21:00 UTC |
| Description | The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avaya | Aura Communication Manager | 5.2 | All | All | All |
| Application | Avaya | Aura Presence Services | 6.0 | All | All | All |
| Application | Avaya | Aura Presence Services | 6.1 | All | All | All |
| Application | Avaya | Aura Presence Services | 6.1.1 | All | All | All |
| Application | Avaya | Aura Session Manager | 1.1 | All | All | All |
| Application | Avaya | Aura Session Manager | 5.2 | All | All | All |
| Application | Avaya | Aura Session Manager | 6.0 | All | All | All |
| Application | Avaya | Aura System Manager | 5.2 | All | All | All |
| Application | Avaya | Aura System Manager | 6.0 | All | All | All |
| Application | Avaya | Aura System Manager | 6.1 | All | All | All |
| Application | Avaya | Aura System Manager | 6.1.1 | All | All | All |
| Application | Avaya | Aura System Platform | 1.1 | All | All | All |
| Application | Avaya | Aura System Platform | 6.0 | - | All | All |
| Application | Avaya | Aura System Platform | 6.0 | sp1 | All | All |
| Application | Avaya | Aura Voice Portal | 5.0 | All | All | All |
| Application | Avaya | Aura Voice Portal | 5.1 | - | All | All |
| Application | Avaya | Aura Voice Portal | 5.1 | sp1 | All | All |
| Application | Avaya | Iq | 5.0 | All | All | All |
| Application | Avaya | Iq | 5.1 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 10.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 6.06 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 9.10 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Vmware | Esx | 4.0 | All | All | All |
| Operating System | Vmware | Esx | 4.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 404: File not found | CONFIRM | www.kernel.org | Broken Link |
| oss-security - Re: CVE request - kernel: xfs: stale data exposure | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| git.kernel.org | MISC | git.kernel.org | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | Third Party Advisory, VDB Entry |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clu | MLIST | oss.sgi.com | Broken Link |
| article.gmane.org \| 522: Connection timed out | MLIST | article.gmane.org | Broken Link |
| [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode cluster | MLIST | oss.sgi.com | Broken Link |
| oss-security - CVE request - kernel: xfs: stale data exposure | MLIST | www.openwall.com | Mailing List, Patch, Third Party Advisory |
| ASA-2010-291 (RHSA-2010-0723) | CONFIRM | support.avaya.com | Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | |
| VMSA-2011-0012.2 | CONFIRM | www.vmware.com | Third Party Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Mailing List, Patch, Vendor Advisory |
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | |
| Support | REDHAT | www.redhat.com | Broken Link |
| XFS Deleted Inode Local Information Disclosure Vulnerability | BID | www.securityfocus.com | Exploit, Third Party Advisory, VDB Entry |
| article.gmane.org \| 522: Connection timed out | MLIST | article.gmane.org | Broken Link |
| About Secunia Research \| Flexera | SECUNIA | secunia.com | Broken Link |
| Bug 624923 – CVE-2010-2943 kernel: xfs: validate inode numbers in file handles correctly | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Third Party Advisory |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Broken Link |
| USN-1057-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Ubuntu update for linux and linux-ec2 - Advisories - Community | SECUNIA | secunia.com | Broken Link |
| USN-1041-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| article.gmane.org \| 522: Connection timed out | MLIST | article.gmane.org | Broken Link |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | Broken Link |
| Ubuntu update for linux-source-2.6.15 - Secunia.com | SECUNIA | secunia.com | Broken Link |
| article.gmane.org \| 522: Connection timed out | MLIST | article.gmane.org | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.