CVE-2002-0499 Information

Description

The d_path function in Linux kernel 2.2.20 and earlier and 2.4.18 and earlier truncates long pathnames without generating an error which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Reference

http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html http://www.iss.net/security_center/static/8634.php http://www.securityfocus.com/archive/1/264117 http://www.securityfocus.com/bid/4367