Release DateSep 02, 2010 |
Severitymedium |
ImpactLocal attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. |
DescriptionThe Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/. |
Affected ProductsFedora 12 |
Recommended ActionsFedora has issued updated packages to fix this vulnerability. Refer to the Fedora security advisory FEDORA-2010-7779 for more information about the vulnerability and obtaining patches. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-1146 |
