CVE-2010-2071
Published: 16 June 2010
The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.
Notes
Author | Note |
---|---|
smb | Btrfs did not appear before Karmic |
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 | upstream | Released (2.6.35~rc3) |
linux-source-2.6.15 | dapper | Not vulnerable |
linux-source-2.6.15 | hardy | Does not exist |
linux-source-2.6.15 | jaunty | Does not exist |
linux-source-2.6.15 | karmic | Does not exist |
linux-source-2.6.15 | lucid | Does not exist |
linux | upstream | Released (2.6.35~rc3) |
linux | dapper | Does not exist |
linux | hardy | Not vulnerable |
linux | jaunty | Not vulnerable |
linux | karmic | Released (2.6.31-22.61) |
linux | lucid | Released (2.6.32-24.39) |
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2f26afba46f0ebf155cf9be746496a0304a5b7cf
karmic: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2071/patches/karmic/linux/0001-Btrfs-should-add-a-permission-check-for-setfacl.txt
lucid: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2071/patches/lucid/linux/0001-Btrfs-should-add-a-permission-check-for-setfacl.txt