1. CVE-Search
  2. CVE-2011-1675
ID CVE-2011-1675
Summary mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
References
Vulnerable Configurations
  • cpe:2.3:a:linux:util-linux:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.8:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.9:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.10:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.11:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.12:pre:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.12:pre:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.13:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.13:pre:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.13:pre:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.15:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.16:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.17:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:2.18:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:linux:util-linux:*:*:*:*:*:*:*:*
    cpe:2.3:a:linux:util-linux:*:*:*:*:*:*:*:*
CVSS
Base: 3.3 (as of 10-01-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2011:1691
rpms
  • libblkid-0:2.17.2-12.4.el6
  • libblkid-devel-0:2.17.2-12.4.el6
  • libuuid-0:2.17.2-12.4.el6
  • libuuid-devel-0:2.17.2-12.4.el6
  • util-linux-ng-0:2.17.2-12.4.el6
  • util-linux-ng-debuginfo-0:2.17.2-12.4.el6
  • uuidd-0:2.17.2-12.4.el6
  • util-linux-0:2.13-0.59.el5
  • util-linux-debuginfo-0:2.13-0.59.el5
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=688980
mlist
  • [oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  • [oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
secunia 48114
xf utillinux-mtab-security-bypass(66705)
Last major update 10-01-2018 - 02:29
Published 10-04-2011 - 02:55
Last modified 10-01-2018 - 02:29
Back to Top