History: Aug 29, 2011 - 5:55 p.m.

CVE-2011-2928

2011-08-29 17:55:00
CWE-476
redhat
web.nvd.nist.gov
52
cve-2011-2928
befs_follow_link
fs/befs/linuxvfs.c
linux kernel
denial of service
incorrect pointer dereference
oops
malformed be filesystem

CVSS2: 4.9
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C

AI Score: 7.5
Confidence: High

EPSS: 0.001
Percentile: 17.1%

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

Affected configurations

Nvd
Node
linux  linux_kernel  Range  <3.1
OR
linux  linux_kernel  Match  3.1  -
OR
linux  linux_kernel  Match  3.1  rc1
OR
linux  linux_kernel  Match  3.1  rc2

Vendor  Product       Version  CPE
linux   linux_kernel  *        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux   linux_kernel  3.1      cpe:2.3:o:linux:linux_kernel:3.1:-:*:*:*:*:*:*
linux   linux_kernel  3.1      cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*
linux   linux_kernel  3.1      cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*
