Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4077

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2011-4077
Last Modified 14 Feb 2013 11:50:17
Published 27 Jan 2012 10:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4077

Summary

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6

  • Linux Kernel 2.6.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=749156

MISC - http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/

MLIST - [oss-security] 20111026 Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink()

MLIST - [oss-security] 20111026 CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink()

MLIST - [xfs] 20111018 [PATCH] Fix possible memory corruption in xfs_readlink

SECUNIA - 48964

Related Patches

Red Hat 2012:0007-01 RHSA Important: kernel security, bug fix, and enhancement update for RHEL 5 x86

Red Hat 2012:0007-01 RHSA Important: kernel security, bug fix, and enhancement update for RHEL 5 x86_64

Novell SUSE 2012:5723 kernel security update for SLE 11 SP1 i586

Novell SUSE 2012:5732 kernel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8161 kernel security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8162 kernel security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:47:10