Vulnerability Details : CVE-2010-1146
Potential exploit
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
Products affected by CVE-2010-1146
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Threat overview for CVE-2010-1146
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2010-1146: 1,807
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-1146
0.15%: probability of exploitation activity in the next 30 days
~36%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-1146
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2010-1146
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2010-1146
- Red Hat, 2010-04-12: Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for reiserfs and therefore are not affected by this issue.
References for CVE-2010-1146
- http://secunia.com/advisories/39316 [Broken Link]
- http://www.exploit-db.com/exploits/12130: ReiserFS (Linux Kernel 2.6.34-rc3 / RedHat / Ubuntu 9.10) - 'xattr' Local Privilege Escalation - Linux local Exploit [Exploit; Third Party Advisory; VDB Entry]
- http://osvdb.org/63601 [Broken Link]
- http://marc.info/?l=linux-kernel&m=127076012022155&w=2: '[PATCH #3] reiserfs: Fix permissions on .reiserfs_priv' - MARC [Mailing List; Patch; Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/57782: Linux Kernel ReiserFS privilege escalation CVE-2010-1146 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://www.securityfocus.com/bid/39344: Linux Kernel ReiserFS Security Bypass Vulnerability [Exploit; Third Party Advisory; VDB Entry]
- https://bugzilla.redhat.com/show_bug.cgi?id=568041: 568041 – (CVE-2010-1146) CVE-2010-1146 Kernel allows access to .reiserfs_priv [Exploit; Issue Tracking; Patch; Third Party Advisory]