[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-4077

Date: (C)2012-01-27   (M)2016-08-25
 
CVSS Score: 6.9Access Vector: LOCAL
Exploitability Subscore: 3.4Access Complexity: MEDIUM
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

Reference:
SECUNIA-48964
HPSBGN02970
http://www.openwall.com/lists/oss-security/2011/10/26/1
http://www.openwall.com/lists/oss-security/2011/10/26/3
http://oss.sgi.com/archives/xfs/2011-10/msg00345.html
http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/
https://bugzilla.redhat.com/show_bug.cgi?id=749156

CPE    1
cpe:/o:linux:linux_kernel:2.6.0
CWE    1
CWE-119
OVAL    29
oval:org.secpod.oval:def:700681
oval:org.secpod.oval:def:700703
oval:org.secpod.oval:def:700726
oval:org.secpod.oval:def:103558
...

© 2013 SecPod Technologies