VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 19, 1999· Updated Apr 16, 2026

CVE-1999-0460

CVE-1999-0460

Description

Linux autofs module buffer overflow via long directory names allows local users to cause a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux autofs module buffer overflow via long directory names allows local users to cause a denial of service.

Vulnerability

The Linux autofs kernel module, specifically in fs/autofs/root.c:autofs_root_lookup(), contains a buffer overflow vulnerability. The module fails to validate the length of directory names provided via dentry->d_name.len before copying them into a 256-byte buffer. This affects Linux kernel versions 2.0, 2.1, and 2.2.

Exploitation

A local, unprivileged user can exploit this vulnerability by attempting to change directory (cd) into a path with a name exceeding 255 characters. This can be achieved by using a script, such as a Perl one-liner, to generate an excessively long directory name, triggering the buffer overflow when the autofs_root_lookup() function is called [1].

Impact

Successful exploitation of this vulnerability results in a denial of service. The overflow overwrites memory, likely the kernel stack, leading to kernel errors or a system reboot. This prevents legitimate users from accessing the system [1].

Mitigation

This vulnerability is fixed in later kernel versions. No specific patched version or release date is available in the provided references. Users are advised to upgrade their Linux kernel to a version that addresses this issue. There are no other workarounds mentioned, and the vulnerability is not listed as actively exploited in the wild.

References
  1. Linux Kernel 2.0/2.1/2.2 - 'autofs' Denial of Service

AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:2.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.1:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.3.0:*:*:*:*:*:*:*
  • Red Hat/autofsllm-fuzzy

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The autofs kernel module does not validate the length of directory names, leading to a buffer overflow."

Attack vector

A local user can trigger this vulnerability by attempting to change to a directory with a name exceeding 255 characters within the autofs directory. The module copies this oversized name into a fixed-size buffer without checking its length. This overflow corrupts memory, potentially causing kernel errors or a system reboot [ref_id=1].

Affected code

The vulnerability lies within the `fs/autofs/root.c` file, specifically in the `autofs_root_lookup()` function. This function handles calls like `chdir()` within the autofs directory and copies the provided directory name into a 256-byte buffer using `memcpy()` without validating the length of the name provided via `dentry->d_name.len` [ref_id=1].

What the fix does

The patch is not available in the provided information. The advisory recommends that users upgrade to a patched version of the affected software once it becomes available. Until then, users should be cautious of long directory names in autofs.

Preconditions

  • authThe attacker must have local user access to the system.
  • inputThe attacker must be able to control the name of a directory being accessed through autofs.

Reproduction

cd `perl -e 'print "x" x 256'`

Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1

News mentions

0

No linked articles in our index yet.