Description
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jon Oberheide · pythonlocallinux
https://www.exploit-db.com/exploits/12130
References (7)
Core 7
Core References
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39316
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/12130
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=568041
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/63601
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39344
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://marc.info/?l=linux-kernel&m=127076012022155&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57782
Scores
EPSS
0.0013
EPSS Percentile
32.4%
Details
CWE
CWE-264
Status
published
Products (1)
linux/linux_kernel
< 2.6.33.2
Published
Apr 12, 2010
Tracked Since
Feb 18, 2026