CVE-2010-2943

Published: Sep 30, 2010Modified: Apr 29, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

Affected (26)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Vmware: Esx · +1 more

Show all products

Linux: Linux Kernel · Canonical: Ubuntu Linux · Vmware: Esx · Avaya: Aura Communication Manager, Aura Presence Services, Aura Session Manager, Aura System Manager, Aura System Platform, Aura Voice Portal, Iq

1 product

1 product

1 product

7 products

Aura Communication Manager

Aura Presence Services

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 2.6.35

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 10.10
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 9.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 4.0
Vmware Esx	Version 4.1

Configuration D

19 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura Communication Manager	Version 5.2
Avaya Aura Presence Services	Version 6.0
Avaya Aura Presence Services	Version 6.1.1
Avaya Aura Presence Services	Version 6.1
Avaya Aura Session Manager	Version 1.1
Avaya Aura Session Manager	Version 5.2
Avaya Aura Session Manager	Version 6.0
Avaya Aura System Manager	Version 5.2
Avaya Aura System Manager	Version 6.0
Avaya Aura System Manager	Version 6.1.1
Avaya Aura System Manager	Version 6.1
Avaya Aura System Platform	Version 1.1
Avaya Aura System Platform	Version 6.0
Avaya Aura System Platform	Version 6.0 sp1
Avaya Aura Voice Portal	Version 5.0
Avaya Aura Voice Portal	Version 5.1
Avaya Aura Voice Portal	Version 5.1 sp1
Avaya Iq	Version 5.0
Avaya Iq	Version 5.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (50)

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767

Source: secalert@redhat.com

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768

Source: secalert@redhat.com

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769

Source: secalert@redhat.com

Broken Link

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771

Source: secalert@redhat.com

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188

Source: secalert@redhat.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d

Source: secalert@redhat.com

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa

Source: secalert@redhat.com

http://oss.sgi.com/archives/xfs/2010-06/msg00191.html

Source: secalert@redhat.com

Broken Link

http://oss.sgi.com/archives/xfs/2010-06/msg00198.html

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/42758

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/43161

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/46397

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/css/P8/documents/100113326

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35

Source: secalert@redhat.com

Broken Link

http://www.openwall.com/lists/oss-security/2010/08/18/2

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2010/08/19/5

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0723.html

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/archive/1/520102/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/42527

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1041-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-1057-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2011-0012.html

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0070

Source: secalert@redhat.com

Broken Link

http://www.vupen.com/english/advisories/2011/0280

Source: secalert@redhat.com

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=624923

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767