QwikSec

Security Database

CVE

CWE

Training

CVE-2010-2071

Published: Jun 16, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the Linux kernel 2.6.34 and earlier does not check file ownership before setting an ACL, which allows local users to bypass file permissions by setting arbitrary ACLs, as demonstrated using setfacl.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=2f26afba

x_refsource_CONFIRM

[linux-kernel] 20100518 [PATCH] btrfs: should add a permission check for setfacl

mailing-list

x_refsource_MLIST

[oss-security] 20100614 Re: CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own

mailing-list

x_refsource_MLIST

[oss-security] 20100611 CVE request - kernel: btrfs: prevent users from setting ACLs on files they do not own

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.