NVD Vulnerability Detail

CVE-2011-3630

Summary	Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable.
Publication Date	Nov. 26, 2019, 1:15 p.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:30 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:hardlink_project:hardlink::::::::					0.1.2

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:debian:debian_linux:10.0:::::::*

Related information, measures and tools

No	URL	タグ
1	https://access.redhat.com/security/cve/cve-2011-3630	Third Party Advisory
2	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516	Issue Tracking Third Party Advisory
3	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630	Issue Tracking Patch Third Party Advisory
4	https://security-tracker.debian.org/tracker/CVE-2011-3630	Third Party Advisory
5	https://www.openwall.com/lists/oss-security/2011/10/20/6	Mailing List Third Party Advisory
6	https://access.redhat.com/security/cve/cve-2011-3630	Third Party Advisory
7	https://www.openwall.com/lists/oss-security/2011/10/20/6	Mailing List Third Party Advisory
8	https://security-tracker.debian.org/tracker/CVE-2011-3630	Third Party Advisory
9	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630	Issue Tracking Patch Third Party Advisory
10	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516	Issue Tracking Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

Hardlink における境界外書き込みに関する脆弱性

Title	Hardlink における境界外書き込みに関する脆弱性
Summary	Hardlink には、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 20, 2011, midnight
Registration Date	Dec. 5, 2019, 5:14 p.m.
Last Update	Dec. 5, 2019, 5:14 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux

Debian

Debian GNU/Linux

Hardlink project

Hardlink 0.1.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-3630	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3630
National Vulnerability Database (NVD)
2	CVE-2011-3630	https://nvd.nist.gov/vuln/detail/CVE-2011-3630
Red Hat Customer Portal
3	CVE-2011-3630	https://access.redhat.com/security/cve/CVE-2011-3630
Security Bug Tracker
4	CVE-2011-3630	https://security-tracker.debian.org/tracker/CVE-2011-3630

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Debian Bug report logs
1	645516	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645516
Red Hat Bugzilla
2	Bug 746709	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3630

その他

No	Name	URL
関連文書
1	Re: hardlink(1) has buffer overflows, is unsafe on changing trees	https://www.openwall.com/lists/oss-security/2011/10/20/6

Change Log

No	Changed Details	Date of change
1	[2019年12月05日] 掲載	Dec. 5, 2019, 5:14 p.m.