Secunia
Login
|
|
CVE Reference: CVE-2011-2928 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2011-2928 |
|
|
Description: The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/69343 SREASON http://securityreason.com/securityalert/8360 MLIST http://www.openwall.com/lists/oss-security/2011/08/19/5 http://www.openwall.com/lists/oss-security/2011/08/19/1 MISC http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt CONFIRM http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=338d0f0a6fbc82407864606f5b64b75aeb3c70f2 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/519387/100/0/threaded BID 49256 |
|
| Return to the previous page. |
