Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1679

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2011-1679
Last Modified 20 Apr 2011 10:33:53
Published 09 Apr 2011 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1679

Summary

ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Vulnerable Systems

Application

  • Ncpfs 2.2.1

  • Ncpfs 2.2.2

  • Ncpfs 2.2.3

  • Ncpfs 2.2.4

  • Ncpfs 2.2.5

  • Ncpfs 2.2.6


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=688980

XF - ncpfs-mtab-security-bypass(66701)

MLIST - [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

MLIST - [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

Related Patches

Novell SUSE 2011:7711 ncpfs security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:56:24