| SYNTHESIS OF THE VULNERABILITY
On a 2.6.32.x kernel, a local attacker can access to devtmpfs.
Severity: 2/4
Consequences: data reading, data creation/edition
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/02/2010
IMPACTED PRODUCTS
Linux kernel
Mandriva Linux
OpenSUSE
DESCRIPTION OF THE VULNERABILITY
The devtmpfs filesystem was added in the kernel 2.6.32. It is used
to create device nodes, before mounting the / root, and before
mounting it to /dev.
A vulnerability, related to default access rights to devtmpfs, was
announced. Technical details are unknown.
On a 2.6.32.x kernel, a local attacker can thus for example
directly access to some restricted devices.
CHARACTERISTICS
Identifiers: CVE-2010-0299, MDVSA-2010:030, SUSE-SA:2010:010,
VIGILANCE-VUL-9396
http://vigilance.fr/vulnerability/L... |