Lucene search

[email protected]CVE-2011-2928

HistoryAug 29, 2011 - 5:55 p.m.

CVE-2011-2928

2011-08-2917:55:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2011-2928

befs_follow_link

fs/befs/linuxvfs.c

linux kernel

denial of service

incorrect pointer dereference

oops

malformed be filesystem

7.8 High

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0005 Low

EPSS

Percentile

15.7%

JSON

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.1

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	3.1

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338d0f0a6fbc82407864606f5b64b75aeb3c70f2

securityreason.com/securityalert/8360

www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3

www.openwall.com/lists/oss-security/2011/08/19/1

www.openwall.com/lists/oss-security/2011/08/19/5

www.pre-cert.de/advisories/PRE-SA-2011-06.txt

www.securityfocus.com/archive/1/519387/100/0/threaded

www.securityfocus.com/bid/49256

exchange.xforce.ibmcloud.com/vulnerabilities/69343

7.8 High

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0005 Low

EPSS

Percentile

15.7%

JSON

Related for CVE-2011-2928

prion1 securityvulns3 ubuntucve1 suse5 nessus21 openvas36 ubuntu12 debian3 osv2 fedora4