Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 314617 (CVE-2010-1146)

Summary: Kernel: reiserfs wrong permissions in .reiserfs_privs (CVE-2010-1146)
Product: Gentoo Security Reporter: Tomás Touceda (RETIRED) <chiiph>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://marc.info/?l=linux-kernel&m=127076012022155&w=2
Whiteboard: [linux < 2.6.32] [linux >=2.6.32 < 22.6.32.13] [linux >= 2.6.33 < 2.6.34]
Package list:
Runtime testing required: ---

Description Tomás Touceda (RETIRED) gentoo-dev 2010-04-11 06:02:19 UTC 
As said in [0]:

The kernel allows processes to access the internal ".reiserfs_priv" directory
at the top of a reiserfs filesystem which is used to store xattrs.  Permissions
are not enforced in that tree, so unprivileged users can view and potentially
modify the xattrs on arbitrary files.

Since the patch (see URL) has been submitted in 2010-04-08, every kernel version available's affected.

[0] https://bugzilla.redhat.com/show_bug.cgi?id=568041