Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1749

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2011-1749
Last Modified 10 Mar 2014 05:29:43
Published 26 Feb 2014 10:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1749

Summary

The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Vulnerable Systems

Application

  • Linux-nfs Nfs-utils 1.2.0

  • Linux-nfs Nfs-utils 1.2.1

  • Linux-nfs Nfs-utils 1.2.2

  • Linux-nfs Nfs-utils 1.2.3


References

CONFIRM - http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download

REDHAT - RHSA-2012:0310

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=697975

MLIST - [oss-security] 20140425 Re: CVE request: CVE-2011-1089-like flaw in mount.nfs

REDHAT - RHSA-2011:1534

Related Patches

Red Hat 2012:0310-03 RHSA Low: nfs-utils security, bug fix, and enhancement update for RHEL 5 x86

Red Hat 2012:0310-03 RHSA Low: nfs-utils security, bug fix, and enhancement update for RHEL 5 x86_64


Last Updated: 27 May 2016 11:03:22