QwikSec

Security Database

CVE

CWE

Training

CVE-2011-2928

Published: Aug 29, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kernel before 3.1-rc3 does not validate the length attribute of long symlinks, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) by accessing a long symlink on a malformed Be filesystem.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20110819 Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS

mailing-list

x_refsource_MLIST

http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

[oss-security] 20110819 CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS

mailing-list

x_refsource_MLIST

20110819 [PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS

mailing-list

x_refsource_BUGTRAQ

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338d0f0a6fbc82407864606f5b64b75aeb3c70f2

x_refsource_CONFIRM

linux-kernel-be-dos(69343)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.1-rc3

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2011-2928 - Security Vulnerability | QwikSec