ID CVE-2011-1677
Summary mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:linux:util-linux:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.10:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.11:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.12:pre:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.12:pre:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.13:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.13:pre:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.13:pre:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.15:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.16:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.17:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.18:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:*:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:*:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 10-01-2018 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 726092
    title Pass host name from agetty to login
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment libblkid is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691007
        • comment libblkid is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691008
      • AND
        • comment libblkid-devel is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691009
        • comment libblkid-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691010
      • AND
        • comment libuuid is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691013
        • comment libuuid is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691014
      • AND
        • comment libuuid-devel is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691011
        • comment libuuid-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691012
      • AND
        • comment util-linux-ng is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691005
        • comment util-linux-ng is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691006
      • AND
        • comment uuidd is earlier than 0:2.17.2-12.4.el6
          oval oval:com.redhat.rhsa:tst:20111691015
        • comment uuidd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111691016
    rhsa
    id RHSA-2011:1691
    released 2011-12-06
    severity Low
    title RHSA-2011:1691: util-linux-ng security, bug fix, and enhancement update (Low)
  • bugzilla
    id 699639
    title mount man page is missing support for ext4/xfs
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment util-linux is earlier than 0:2.13-0.59.el5
      oval oval:com.redhat.rhsa:tst:20120307002
    • comment util-linux is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhba:tst:20090070003
    rhsa
    id RHSA-2012:0307
    released 2012-02-21
    severity Low
    title RHSA-2012:0307: util-linux security, bug fix, and enhancement update (Low)
rpms
  • libblkid-0:2.17.2-12.4.el6
  • libblkid-devel-0:2.17.2-12.4.el6
  • libuuid-0:2.17.2-12.4.el6
  • libuuid-devel-0:2.17.2-12.4.el6
  • util-linux-ng-0:2.17.2-12.4.el6
  • uuidd-0:2.17.2-12.4.el6
  • util-linux-0:2.13-0.59.el5
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=688980
mlist
  • [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
secunia 48114
xf utillinux-mount-unspecified(66703)
Last major update 10-01-2018 - 02:29
Published 10-04-2011 - 02:55
Back to Top