Vulnerability Details : CVE-2010-2961
mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
Exploit prediction scoring system (EPSS) score for CVE-2010-2961
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 12 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2961
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2010-2961
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2961
-
http://www.vupen.com/english/advisories/2010/2342
Webmail | OVH- OVHVendor Advisory
-
https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/591807
Bug #591807 “mountall creates /dev/.udev/rules.d/root.rules with...” : Bugs : mountall package : Ubuntu
-
http://www.ubuntu.com/usn/USN-985-1
USN-985-1: mountall vulnerability | Ubuntu security notices
Products affected by CVE-2010-2961
- cpe:2.3:a:scott_james_remnant:mountall:*:*:*:*:*:*:*:*
- cpe:2.3:a:scott_james_remnant:mountall:1.0:*:*:*:*:*:*:*