CVE - CVE-2010-1641

CVE-ID
CVE-2010-1641	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded MISC:40356 URL:http://www.securityfocus.com/bid/40356 MISC:40645 URL:http://secunia.com/advisories/40645 MISC:43315 URL:http://secunia.com/advisories/43315 MISC:ADV-2010-1857 URL:~~http://www.vupen.com/english/advisories/2010/1857~~ (Obsolete source) MISC:SUSE-SA:2010:031 URL:http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00006.html MISC:SUSE-SA:2010:033 URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html MISC:[cluster-devel] 20100525 [PATCH 3/3] GFS2: Fix permissions checking for setflags ioctl() URL:https://www.redhat.com/archives/cluster-devel/2010-May/msg00049.html MISC:[oss-security] 20100525 CVE request - kernel: GFS2: The setflags ioctl() doesn't check file ownership URL:http://www.openwall.com/lists/oss-security/2010/05/25/1 MISC:[oss-security] 20100525 Re: CVE request - kernel: GFS2: The setflags ioctl() doesn't check file ownership URL:http://www.openwall.com/lists/oss-security/2010/05/25/12 MISC:[oss-security] 20100526 Re: CVE request - kernel: GFS2: The setflags ioctl() doesn't check file ownership URL:http://www.openwall.com/lists/oss-security/2010/05/26/1 MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7df0e0397b9a18358573274db9fdab991941062f URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7df0e0397b9a18358573274db9fdab991941062f MISC:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/incr/patch-2.6.34-git9-git10.bz2 URL:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/incr/patch-2.6.34-git9-git10.bz2 MISC:http://www.vmware.com/security/advisories/VMSA-2011-0003.html URL:http://www.vmware.com/security/advisories/VMSA-2011-0003.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=595579 URL:https://bugzilla.redhat.com/show_bug.cgi?id=595579 MISC:kernel-gfs2-security-bypass(58926) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/58926 MISC:oval:org.mitre.oval:def:9916 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9916
Assigning CNA
Red Hat, Inc.
Date Record Created
20100429	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100429)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.