CVE-2010-1641

The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.

Details Source

Mitre

Statement

Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1641.

This issue did not affect the versions of the Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for the GFS2 file system.

A future kernel update in Red Hat Enterprise Linux 5 will address this issue.

Public Date

2010-05-24 00:00:00

Impact

Low

Bugzilla

CVE-2010-1641 kernel: GFS2: The setflags ioctl() doesn't check file ownership

Bugzilla ID

595579

CVSS Status

verified

Base Score

2.10

Base Metrics

AV:L/AC:L/Au:N/C:N/I:P/A:N

Acknowledgements

Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue.

IAVA

2011-A-0066

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 5 (kernel) | RHSA-2010:0504 | 2010-07-01