CVE-2011-4077

Published: 27/01/2012 Updated: 27/07/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix various security issues and several bugsare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, several bugs,and add one enhancement are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel-rt packages that fix multiple security issues and variousbugs are now available for Red Hat Enterprise MRG 21The Red Hat Security Response Team has rated this update as havingimportant ...

A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk (CVE-2011-4077, Moderate) Flaws in ghash_update() and ghash_final() co ...

The epoll implementation in the Linux kernel 26372 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeopsc in ...

Several security issues were fixed in the kernel ...

The system could be made to run programs as an administrator ...

CWE-119 http://www.openwall.com/lists/oss-security/2011/10/26/1 https://bugzilla.redhat.com/show_bug.cgi?id=749156 http://oss.sgi.com/archives/xfs/2011-10/msg00345.html http://xorl.wordpress.com/2011/12/07/cve-2011-4077-linux-kernel-xfs-readlink-memory-corruption/http://www.openwall.com/lists/oss-security/2011/10/26/3 http://secunia.com/advisories/48964 http://marc.info/?l=bugtraq&m=139447903326211&w=2 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2012:0350 https://usn.ubuntu.com/1312-1/https://alas.aws.amazon.com/ALAS-2012-55.html

Get Started

CVE-2011-4077

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect