CVE-2011-4077
Published: 29 October 2011
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
From the Ubuntu security team
A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges.
Priority
Status
Notes
Author | Note |
---|---|
tyhicks | Requires a malicious XFS filesystem image be mounted. |
apw | original thread http://oss.sgi.com/archives/xfs/2011-10/msg00345.html |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077
- https://ubuntu.com/security/notices/USN-1286-1
- https://ubuntu.com/security/notices/USN-1291-1
- https://ubuntu.com/security/notices/USN-1292-1
- https://ubuntu.com/security/notices/USN-1293-1
- https://ubuntu.com/security/notices/USN-1302-1
- https://ubuntu.com/security/notices/USN-1301-1
- https://ubuntu.com/security/notices/USN-1303-1
- https://ubuntu.com/security/notices/USN-1299-1
- https://ubuntu.com/security/notices/USN-1304-1
- https://ubuntu.com/security/notices/USN-1300-1
- https://ubuntu.com/security/notices/USN-1311-1
- https://ubuntu.com/security/notices/USN-1312-1
- https://ubuntu.com/security/notices/USN-1322-1
- https://ubuntu.com/security/notices/USN-1330-1
- https://ubuntu.com/security/notices/USN-1340-1
- https://ubuntu.com/security/notices/USN-1336-1
- NVD
- Launchpad
- Debian