CVE - CVE-2010-0727

CVE-ID
CVE-2010-0727	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1023809 URL:http://securitytracker.com/id?1023809 MISC:39830 URL:http://secunia.com/advisories/39830 MISC:DSA-2053 URL:http://www.debian.org/security/2010/dsa-2053 MISC:MDVSA-2010:066 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:066~~ (Obsolete source) MISC:RHSA-2010:0330 URL:http://www.redhat.com/support/errata/RHSA-2010-0330.html MISC:RHSA-2010:0380 URL:http://www.redhat.com/support/errata/RHSA-2010-0380.html MISC:RHSA-2010:0521 URL:http://www.redhat.com/support/errata/RHSA-2010-0521.html MISC:[linux-kernel] 20100311 [PATCH 3/3] GFS2: Skip check for mandatory locks when unlocking URL:http://lkml.org/lkml/2010/3/11/269 MISC:[oss-security] 20100312 CVE-2010-0727 kernel: gfs/gfs2 locking code DoS flaw URL:http://www.openwall.com/lists/oss-security/2010/03/12/1 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 URL:http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.34-rc1-next-20100312.bz2 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=570863 URL:https://bugzilla.redhat.com/show_bug.cgi?id=570863 MISC:oval:org.mitre.oval:def:11392 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11392
Assigning CNA
Red Hat, Inc.
Date Record Created
20100226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)