CVE-2010-4210

Severity

72%

Complexity

39%

Confidentiality

165%

The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.

The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

FreeBSD

First reported 14 years ago

2010-11-22 12:54:00

Last updated 7 years ago

2017-10-05 01:29:00

Affected Software

FreeBSD 7.0

7.0

FreeBSD 7.1

7.1

FreeBSD 7.1 Release Candidate 1

7.1

FreeBSD 7.2

7.2

FreeBSD 8.0

8.0

References

42200

Vendor Advisory

FreeBSD-SA-10:09

1024724

ADV-2010-2956

Vendor Advisory

freebsd-pfsgetextattr-dos(63218)

15206

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.