CVE-2010-2943
high-risk
Published 2010-09-30
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Do I need to act?
~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Aura Presence Services
Aura Session Manager
Aura Session Manager
Aura System Manager
Aura System Manager
Aura System Manager
Aura System Platform
Aura System Platform
Iq
Aura Communication Manager
Aura Presence Services
Aura Presence Services
References (50)
Broken Link
http://secunia.com/advisories/42758
Broken Link
http://secunia.com/advisories/43161
Broken Link
http://secunia.com/advisories/46397
Third Party Advisory
http://support.avaya.com/css/P8/documents/100113326
Third Party Advisory
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Third Party Advisory
http://www.ubuntu.com/usn/USN-1041-1
and 30 more references
63
/ 100
high-risk
Severity
28/34 · Critical
Exploitability
14/34 · Moderate
Exposure
21/34 · High