VULHUB ™

It is reported that mkdir is susceptible to a buffer overflow vulnerability. An attacker with local access passes a long path to mkdir, which overflows a fixed buffer. Mkdir is installed setuid root by default, as the mknod() system call can only be called by root. There is no mkdir() system call, so the mkdir command must use mknod to create a directory node, then populate the node with "." and ".." itself. A local attacker can exploit this issue to execute arbitrary code as root.

It is reported that mkdir is susceptible to a buffer overflow vulnerability. An attacker with local access passes a long path to mkdir, which overflows a fixed buffer. Mkdir is installed setuid root by default, as the mknod() system call can only be called by root. There is no mkdir() system call, so the mkdir command must use mknod to create a directory node, then populate the node with "." and ".." itself. A local attacker can exploit this issue to execute arbitrary code as root.