Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:24240
HistoryNov 22, 2011 - 12:00 a.m.

Linux Kernel 'hfs_mac2asc()'本地特权提升漏洞

2011-11-2200:00:00
Root
www.seebug.org
18

0.0004 Low

EPSS

Percentile

5.7%

JSON

BUGTRAQ ID: 50750
CVE ID: CVE-2011-4330

Linux是一款开放源代码的操作系统。
hfs_mac2asc()函数没有对作为参数传递的缓冲区大小进行正确边界检查,在畸形文件系统上src大小可超过HFS_MAX_NAMELEN。HFS_MAX_NAMELEN为31而src大小可设置为255(无符号字符)。
用户可控数据传递给调用hfs_mac2asc()的hfs_readdir()函数可触发基于内核栈的溢出。

Linux内核的"hfs_mac2asc()"函数在实现上缓冲区溢出漏洞,本地攻击者可利用此漏洞以内核权限执行任意代码,造成完全控制受影响计算机。

Linux kernel 2.6.x

厂商补丁:

Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.kernel.org/

Related

prion 1
cve 1
veracode 1
ubuntucve 1
nessus 29
openvas 37
ubuntu 14
securityvulns 2
redhat 2
suse 4
oraclelinux 3
centos 1
prion
prion
Stack overflow
2012-01-27 15:55:00
cve
cve
CVE-2011-4330
2012-01-27 15:55:00
veracode
veracode
Privilege Escalation
2020-04-10 01:08:11
ubuntucve
ubuntucve
CVE-2011-4330
2011-11-23 00:00:00
nessus
nessus
USN-1300-1 : linux-fsl-imx51 vulnerabilities
2011-12-14 00:00:00
Ubuntu 8.04 LTS : linux vulnerabilities (USN-1291-1)
2011-12-09 00:00:00
Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1301-1)
2011-12-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1300-1)
2011-12-16 00:00:00
Ubuntu: Security Advisory (USN-1291-1)
2011-12-09 00:00:00
Ubuntu Update for linux USN-1291-1
2011-12-09 00:00:00
ubuntu
ubuntu
Linux kernel (FSL-IMX51) vulnerabilities
2011-12-13 00:00:00
Linux kernel vulnerabilities
2011-12-08 00:00:00
Linux kernel vulnerabilities
2011-12-19 00:00:00
securityvulns
securityvulns
[USN-1293-1] Linux kernel vulnerabilities
2011-12-12 00:00:00
Linux kernel multiple security vulnerabilities
2011-12-12 00:00:00
redhat
redhat
(RHSA-2012:0358) Important: kernel security and bug fix update
2012-03-06 00:00:00
(RHSA-2012:0007) Important: kernel security, bug fix, and enhancement update
2012-01-10 00:00:00
suse
suse
Security update for Linux kernel (important)
2012-06-14 18:08:31
Security update for Linux kernel (important)
2011-12-14 08:08:27
Security update for Linux kernel (important)
2011-12-13 19:08:30
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2012-01-11 00:00:00
Unbreakable Enterprise kernel security and bug fix update
2011-12-14 00:00:00
Oracle Linux 5.8 kernel security and bug update
2012-03-01 00:00:00
centos
centos
kernel security update
2012-01-11 19:18:33

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSV:24240
prion1cve1veracode1ubuntucve1nessus29openvas37ubuntu14securityvulns2redhat2suse4oraclelinux3centos1