Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-2943 | First vendor Publication | 2010-09-30 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | |||
---|---|---|---|
Overall CVSS Score | 8.1 | ||
Base Score | 8.1 | Environmental Score | 8.1 |
Impact Sub Score | 5.2 | Temporal Score | 8.1 |
Exploitability Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 6.4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20373 | |||
Oval ID: | oval:org.mitre.oval:def:20373 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2943 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:27587 | |||
Oval ID: | oval:org.mitre.oval:def:27587 | ||
Title: | ELSA-2010-2008 -- Unbreakable enterprise kernel security update (important) | ||
Description: | [2.6.32-100.20.1.el5] - [fs] xfs: return inode fork offset in bulkstat for fsr (Dave Chinner) - [fs] xfs: always use iget in bulkstat (Dave Chinner) {CVE-2010-2943} - [fs] xfs: validate untrusted inode numbers during lookup (Dave Chinner) {CVE-2010-2943} - [fs] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED (Dave Chinner) {CVE-2010-2943} - [net] net sched: fix some kernel memory leaks (Eric Dumazet) {CVE-2010-2942} - [fs] ocfs2: Don't walk off the end of fast symlinks (Joel Becker) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-2008 CVE-2010-2942 CVE-2010-2943 | Version: | 5 |
Platform(s): | Oracle Linux 5 | Product(s): | kernel kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-firmware kernel-headers ofa |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl |
2011-08-09 | Name : CentOS Update for kernel CESA-2010:0723 centos5 i386 File : nvt/gb_CESA-2010_0723_kernel_centos5_i386.nasl |
2011-03-07 | Name : Ubuntu Update for linux-lts-backport-maverick vulnerabilities USN-1083-1 File : nvt/gb_ubuntu_USN_1083_1.nasl |
2011-02-28 | Name : Ubuntu Update for linux vulnerabilities USN-1072-1 File : nvt/gb_ubuntu_USN_1072_1.nasl |
2011-02-04 | Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-1057-1 File : nvt/gb_ubuntu_USN_1057_1.nasl |
2011-01-14 | Name : Ubuntu Update for linux, linux-ec2 vulnerabilities USN-1041-1 File : nvt/gb_ubuntu_USN_1041_1.nasl |
2010-10-01 | Name : RedHat Update for kernel RHSA-2010:0723-01 File : nvt/gb_RHSA-2010_0723-01_kernel.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68303 | Linux Kernel XFS Inode Allocation Btree Stale NFS Filehandle Unlinked File Ac... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-10-27 | IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi Severity : Category I - VMSKEY : V0030545 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0723.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-2008.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0723.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1083-1.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1093-1.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO |
2011-03-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kernel-110228.nasl - Type : ACT_GATHER_INFO |
2011-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1072-1.nasl - Type : ACT_GATHER_INFO |
2011-02-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1057-1.nasl - Type : ACT_GATHER_INFO |
2011-01-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1041-1.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0723.nasl - Type : ACT_GATHER_INFO |