CVE-1999-0460

Linux Kernel - Denial of Service via Long Directory Names in autofs Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0460. PoCs published by Brian Jones.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in the autofs kernel module, where a directory name exceeding 255 characters can overwrite kernel memory, leading to a system crash or reboot. The PoC uses a Perl one-liner to generate a 256-character string to trigger the overflow.

Description

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Brian Jones · textdoslinux
https://www.exploit-db.com/exploits/19250

This exploit demonstrates a buffer overflow vulnerability in the autofs kernel module, where a directory name exceeding 255 characters can overwrite kernel memory, leading to a system crash or reboot. The PoC uses a Perl one-liner to generate a 256-character string to trigger the overflow.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Linux kernel autofs module (versions prior to fix)
No auth needed
Prerequisites: Access to a system with vulnerable autofs module · Ability to execute commands in an autofs-mounted directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/312

Scores

EPSS 0.0073
EPSS Percentile 49.8%

Details

Status published
Products (3)
linux/linux_kernel 2.0
linux/linux_kernel 2.1
linux/linux_kernel 2.3.0
Published Feb 19, 1999
Tracked Since Feb 18, 2026