CVE-2011-3630: Buffer Overflow
First published: Sat Oct 15 2011(Updated: )
Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hardlink Project Hardlink | <0.1.2 | |
| Redhat Enterprise Linux | =6.0 | |
| Debian Debian Linux | =8.0 | |
| Redhat Enterprise Linux | =5.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| debian/hardlink | 0.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2011-3630 https://nvd.nist.gov/vuln/detail/CVE-2011-3630
- https://bugzilla.redhat.com/show_bug.cgi?id=746709
- https://access.redhat.com/security/cve/cve-2011-3630
- http://www.openwall.com/lists/oss-security/2011/10/15/2
- https://bugs.gentoo.org/show_bug.cgi?id=387269
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
- http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/hardlink/hardlink.c.diff?r1=1.1;r2=1.2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=746715
- https://access.redhat.com/security/cve/CVE-2011-3630
- http://www.openwall.com/lists/oss-security/2011/10/20/6
- http://www.openwall.com/lists/oss-security/2011/10/22/3
- https://www.openwall.com/lists/oss-security/2011/10/20/6
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
- https://security-tracker.debian.org/tracker/CVE-2011-3630
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630
- collector/redhat-cve
- collector/redhat-bugzilla
- alias/CVE-2011-3630
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/tags
- agent/event
- vendor/hardlink project
- canonical/hardlink project hardlink
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/redhat enterprise linux/5.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- package-manager/debian