CVE-2010-2071

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2010/06/11/3	Mailing List Third Party Advisory
http://lkml.org/lkml/2010/5/17/544	Exploit Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/06/14/2	Mailing List Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Information

Published : 2010-06-16 20:30

Updated : 2020-08-06 15:18

NVD link : CVE-2010-2071

Mitre link : CVE-2010-2071

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.openwall.com/lists/oss-security/2010/06/11/3", "name": "[oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://lkml.org/lkml/2010/5/17/544", "name": "[linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl", "tags": ["Exploit", "Patch", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2010/06/14/2", "name": "[oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2f26afba", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2071", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-06-16T20:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.6.34"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-08-06T15:18Z"}