CVE-2011-4077

Published: 29 October 2011

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

From the Ubuntu security team

A bug was discovered in the XFS filesystem's handling of pathnames. A local attacker could exploit this to crash the system, leading to a denial of service, or gain root privileges.

Status

Notes

Requires a malicious XFS filesystem image be mounted.

original thread http://oss.sgi.com/archives/xfs/2011-10/msg00345.html

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077
• https://ubuntu.com/security/notices/USN-1286-1
• https://ubuntu.com/security/notices/USN-1291-1
• https://ubuntu.com/security/notices/USN-1292-1
• https://ubuntu.com/security/notices/USN-1293-1
• https://ubuntu.com/security/notices/USN-1302-1
• https://ubuntu.com/security/notices/USN-1301-1
• https://ubuntu.com/security/notices/USN-1303-1
• https://ubuntu.com/security/notices/USN-1299-1
• https://ubuntu.com/security/notices/USN-1304-1
• https://ubuntu.com/security/notices/USN-1300-1
• https://ubuntu.com/security/notices/USN-1311-1
• https://ubuntu.com/security/notices/USN-1312-1
• https://ubuntu.com/security/notices/USN-1322-1
• https://ubuntu.com/security/notices/USN-1330-1
• https://ubuntu.com/security/notices/USN-1340-1
• https://ubuntu.com/security/notices/USN-1336-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=749156
• https://launchpad.net/bugs/887298