ID CVE-2011-1677
Summary mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:linux:util-linux:2.2
    cpe:2.3:a:linux:util-linux:2.2
  • cpe:2.3:a:linux:util-linux:2.5
    cpe:2.3:a:linux:util-linux:2.5
  • cpe:2.3:a:linux:util-linux:2.7
    cpe:2.3:a:linux:util-linux:2.7
  • cpe:2.3:a:linux:util-linux:2.8
    cpe:2.3:a:linux:util-linux:2.8
  • cpe:2.3:a:linux:util-linux:2.9
    cpe:2.3:a:linux:util-linux:2.9
  • cpe:2.3:a:linux:util-linux:2.10
    cpe:2.3:a:linux:util-linux:2.10
  • cpe:2.3:a:linux:util-linux:2.11
    cpe:2.3:a:linux:util-linux:2.11
  • cpe:2.3:a:linux:util-linux:2.12
    cpe:2.3:a:linux:util-linux:2.12
  • cpe:2.3:a:linux:util-linux:2.12:pre
    cpe:2.3:a:linux:util-linux:2.12:pre
  • cpe:2.3:a:linux:util-linux:2.13
    cpe:2.3:a:linux:util-linux:2.13
  • cpe:2.3:a:linux:util-linux:2.13:pre
    cpe:2.3:a:linux:util-linux:2.13:pre
  • cpe:2.3:a:linux:util-linux:2.14
    cpe:2.3:a:linux:util-linux:2.14
  • cpe:2.3:a:linux:util-linux:2.15
    cpe:2.3:a:linux:util-linux:2.15
  • cpe:2.3:a:linux:util-linux:2.16
    cpe:2.3:a:linux:util-linux:2.16
  • cpe:2.3:a:linux:util-linux:2.17
    cpe:2.3:a:linux:util-linux:2.17
  • cpe:2.3:a:linux:util-linux:2.18
    cpe:2.3:a:linux:util-linux:2.18
  • cpe:2.3:a:linux:util-linux:2.19
    cpe:2.3:a:linux:util-linux:2.19
CVSS
Base: 4.6 (as of 07-12-2016 - 13:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1691.NASL
    description Updated util-linux-ng packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * Due to a hard-coded limit of 128 devices, an attempt to run the 'blkid -c' command on more than 128 devices caused blkid to terminate unexpectedly. This update increases the maximum number of devices to 8192 so that blkid no longer crashes in this scenario. (BZ#675999) * Previously, the 'swapon -a' command did not detect device-mapper devices that were already in use. This update corrects the swapon utility to detect such devices as expected. (BZ#679741) * Prior to this update, the presence of an invalid line in the /etc/fstab file could cause the umount utility to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error so that umount now correctly reports invalid lines and no longer crashes. (BZ#684203) * Previously, an attempt to use the wipefs utility on a partitioned device caused the utility to terminate unexpectedly with an error. This update adapts wipefs to only display a warning message in this situation. (BZ#696959) * When providing information on interprocess communication (IPC) facilities, the ipcs utility could previously display a process owner as a negative number if the user's UID was too large. This update adapts the underlying source code to make sure the UID values are now displayed correctly. (BZ#712158) * In the installation scriptlets, the uuidd package uses the chkconfig utility to enable and disable the uuidd service. Previously, this package did not depend on the chkconfig package, which could lead to errors during installation if chkconfig was not installed. This update adds chkconfig to the list of dependencies so that such errors no longer occur. (BZ#712808) * The previous version of the /etc/udev/rules.d/60-raw.rules file contained a statement that both this file and raw devices are deprecated. This is no longer true and the Red Hat Enterprise Linux kernel supports this functionality. With this update, the aforementioned file no longer contains this incorrect statement. (BZ#716995) * Previously, an attempt to use the cfdisk utility to read the default Red Hat Enterprise Linux 6 partition layout failed with an error. This update corrects this error and the cfdisk utility can now read the default partition layout as expected. (BZ#723352) * The previous version of the tailf(1) manual page incorrectly stated that users can use the '--lines=NUMBER' command line option to limit the number of displayed lines. However, the tailf utility does not allow the use of the equals sign (=) between the option and its argument. This update corrects this error. (BZ#679831) * The fstab(5) manual page has been updated to clarify that empty lines in the /etc/fstab configuration file are ignored. (BZ#694648) As well, this update adds the following enhancements : * A new fstrim utility has been added to the package. This utility allows the root user to discard unused blocks on a mounted file system. (BZ#692119) * The login utility has been updated to provide support for failed login attempts that are reported by PAM. (BZ#696731) * The lsblk utility has been updated to provide additional information about the topology and status of block devices. (BZ#723638) * The agetty utility has been updated to pass the hostname to the login utility. (BZ#726092) All users of util-linux-ng are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57019
    published 2011-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57019
    title RHEL 6 : util-linux-ng (RHSA-2011:1691)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201405-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201405-15 (util-linux: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to cause a Denial of Service condition, trigger corruption of /etc/mtab, obtain sensitive information, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 74058
    published 2014-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74058
    title GLSA-201405-15 : util-linux: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-083.NASL
    description Multiple vulnerabilities has been discovered and corrected in util-linux : mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1675). mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors (CVE-2011-1677). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 59304
    published 2012-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59304
    title Mandriva Linux Security Advisory : util-linux (MDVSA-2012:083)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111206_UTIL_LINUX_NG_ON_SL6_X.NASL
    description The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : - Due to a hard-coded limit of 128 devices, an attempt to run the 'blkid -c' command on more than 128 devices caused blkid to terminate unexpectedly. This update increases the maximum number of devices to 8192 so that blkid no longer crashes in this scenario. - Previously, the 'swapon -a' command did not detect device-mapper devices that were already in use. This update corrects the swapon utility to detect such devices as expected. - Prior to this update, the presence of an invalid line in the /etc/fstab file could cause the umount utility to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error so that umount now correctly reports invalid lines and no longer crashes. - Previously, an attempt to use the wipefs utility on a partitioned device caused the utility to terminate unexpectedly with an error. This update adapts wipefs to only display a warning message in this situation. - When providing information on interprocess communication (IPC) facilities, the ipcs utility could previously display a process owner as a negative number if the user's UID was too large. This update adapts the underlying source code to make sure the UID values are now displayed correctly. - In the installation scriptlets, the uuidd package uses the chkconfig utility to enable and disable the uuidd service. Previously, this package did not depend on the chkconfig package, which could lead to errors during installation if chkconfig was not installed. This update adds chkconfig to the list of dependencies so that such errors no longer occur. - The previous version of the /etc/udev/rules.d/60-raw.rules file contained a statement that both this file and raw devices are deprecated. This is no longer true and the Scientific Linux kernel supports this functionality. With this update, the aforementioned file no longer contains this incorrect statement. - Previously, an attempt to use the cfdisk utility to read the default Scientific Linux 6 partition layout failed with an error. This update corrects this error and the cfdisk utility can now read the default partition layout as expected. - The previous version of the tailf(1) manual page incorrectly stated that users can use the '--lines=NUMBER' command line option to limit the number of displayed lines. However, the tailf utility does not allow the use of the equals sign (=) between the option and its argument. This update corrects this error. - The fstab(5) manual page has been updated to clarify that empty lines in the /etc/fstab configuration file are ignored. As well, this update adds the following enhancements : - A new fstrim utility has been added to the package. This utility allows the root user to discard unused blocks on a mounted file system. - The login utility has been updated to provide support for failed login attempts that are reported by PAM. - The lsblk utility has been updated to provide additional information about the topology and status of block devices. - The agetty utility has been updated to pass the hostname to the login utility. All users of util-linux-ng are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61200
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61200
    title Scientific Linux Security Update : util-linux-ng on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0307.NASL
    description An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. (BZ#646300) * Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. (BZ#650937) * Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: '@MKINSTALLDIRS@: No such file or directory'. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully. (BZ#677452) * Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, '-b'. With this update, only valid options are listed on those manual pages. (BZ#678407) * Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information. (BZ#699639) In addition, this update adds the following enhancements : * Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following : Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7) This update enables users to switch off DOS compatible mode (by specifying the '-c' option), and such error messages are no longer displayed. (BZ#678430) * This update adds the 'fsfreeze' command which halts access to a file system on a disk. (BZ#726572) All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58061
    published 2012-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58061
    title RHEL 5 : util-linux (RHSA-2012:0307)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120221_UTIL_LINUX_ON_SL5_X.NASL
    description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : - When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. - Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. - Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: '@MKINSTALLDIRS@: No such file or directory'. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully. - Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, '-b'. With this update, only valid options are listed on those manual pages. - Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information. In addition, this update adds the following enhancements : - Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following : Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7) This update enables users to switch off DOS compatible mode (by specifying the '-c' option), and such error messages are no longer displayed. - This update adds the 'fsfreeze' command which halts access to a file system on a disk. All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61272
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61272
    title Scientific Linux Security Update : util-linux on SL5.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0307.NASL
    description From Red Hat Security Advisory 2012:0307 : An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. (BZ#646300) * Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. (BZ#650937) * Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: '@MKINSTALLDIRS@: No such file or directory'. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully. (BZ#677452) * Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, '-b'. With this update, only valid options are listed on those manual pages. (BZ#678407) * Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information. (BZ#699639) In addition, this update adds the following enhancements : * Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following : Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7) This update enables users to switch off DOS compatible mode (by specifying the '-c' option), and such error messages are no longer displayed. (BZ#678430) * This update adds the 'fsfreeze' command which halts access to a file system on a disk. (BZ#726572) All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68478
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68478
    title Oracle Linux 5 : util-linux (ELSA-2012-0307)
redhat via4
advisories
  • bugzilla
    id 726092
    title Pass host name from agetty to login
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libblkid is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691007
        • comment libblkid is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691008
      • AND
        • comment libblkid-devel is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691009
        • comment libblkid-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691010
      • AND
        • comment libuuid is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691013
        • comment libuuid is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691014
      • AND
        • comment libuuid-devel is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691011
        • comment libuuid-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691012
      • AND
        • comment util-linux-ng is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691005
        • comment util-linux-ng is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691006
      • AND
        • comment uuidd is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691015
        • comment uuidd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691016
    rhsa
    id RHSA-2011:1691
    released 2011-12-06
    severity Low
    title RHSA-2011:1691: util-linux-ng security, bug fix, and enhancement update (Low)
  • bugzilla
    id 699639
    title mount man page is missing support for ext4/xfs
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment util-linux is earlier than 0:2.13-0.59.el5
      oval oval:com.redhat.rhsa:tst:20120307002
    • comment util-linux is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070969012
    rhsa
    id RHSA-2012:0307
    released 2012-02-21
    severity Low
    title RHSA-2012:0307: util-linux security, bug fix, and enhancement update (Low)
rpms
  • libblkid-0:2.17.2-12.4.el6
  • libblkid-devel-0:2.17.2-12.4.el6
  • libuuid-0:2.17.2-12.4.el6
  • libuuid-devel-0:2.17.2-12.4.el6
  • util-linux-ng-0:2.17.2-12.4.el6
  • uuidd-0:2.17.2-12.4.el6
  • util-linux-0:2.13-0.59.el5
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=688980
mlist
  • [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
secunia 48114
xf utillinux-mount-unspecified(66703)
Last major update 07-12-2016 - 14:39
Published 09-04-2011 - 22:55
Last modified 09-01-2018 - 21:29
Back to Top