CVE-2010-2946

Published: 29 September 2010

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name.

From the Ubuntu security team

Sergey Vlasov discovered that JFS did not correctly handle certain extended attributes. A local attacker could bypass namespace access rules, leading to a loss of privacy.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Patches:
Hardy: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2946/patches/hardy/linux/0001-jfs-don-t-allow-os2-xattr-namespace-overlap-with-other.txt
Jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2946/patches/jaunty/linux/0001-jfs-don-t-allow-os2-xattr-namespace-overlap-with-other.txt
Karmic: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2946/patches/karmic/linux/0001-jfs-don-t-allow-os2-xattr-namespace-overlap-with-other.txt
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream Needs triage

linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream Needs triage

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Patches:
Dapper: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2946/patches/dapper/linux/0001-jfs-don-t-allow-os2-xattr-namespace-overlap-with-other.txt

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading