What is CVE-2010-2943?

CVE-2010-2943 is a high-severity vulnerability in Avaya Aura_communication_manager, classified under Information Disclosure. CVSS score: 8.1/10. Published 2010-09-30.

How severe is CVE-2010-2943?

High severity. CVSS v3 base score is 8.1 out of 10.

Information disclosure in Avaya Aura_communication_manager

CVE-2010-2943

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are curre…

Vulnerability class: Information Disclosure

EPSS: 0.038 (88.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Avaya Aura_communication_manager — versions 5.2
Avaya Aura_presence_services — versions 6.1.1, 6.0, 6.1
Avaya Aura_session_manager — versions 1.1, 6.0, 5.2
Avaya Aura_system_manager — versions 6.1.1, 6.0, 5.2
Avaya Aura_system_platform — versions 1.1, 6.0
Avaya Aura_voice_portal — versions 5.0, 5.1
Avaya Iq — versions 5.0, 5.1
Linux Linux_kernel
Vmware Esx — versions 4.0, 4.1
Canonical Ubuntu_linux — versions 10.10, 6.06, 10.04

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

[linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup (mailing-list, x_refsource_MLIST, Broken Link)
secalert@redhat.com (x_refsource_CONFIRM)
42527 (Exploit, Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2010:0723 (x_refsource_REDHAT, vendor-advisory, Broken Link)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (mailing-list, x_refsource_BUGTRAQ, Third Party Advisory, VDB Entry)
[linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED (mailing-list, x_refsource_MLIST, Broken Link)
46397 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
[linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code (mailing-list, x_refsource_MLIST, Broken Link)

Frequently asked questions

What is CVE-2010-2943?: CVE-2010-2943 is a high-severity vulnerability in Avaya Aura_communication_manager, classified under Information Disclosure. CVSS score: 8.1/10. Published 2010-09-30.
How severe is CVE-2010-2943?: High severity. CVSS v3 base score is 8.1 out of 10.