CVE-2011-1749

nfs-utils < 1.2.4 - Local File Corruption via Small RLIMIT_FSIZE Value

Title source: llm
STIX 2.1

Description

The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2011-1534.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=697975
Patch vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0310.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/04/25/5

Scores

EPSS 0.0036
EPSS Percentile 28.0%

Details

CWE
CWE-20
Status published
Products (4)
linux-nfs/nfs-utils 1.2.0
linux-nfs/nfs-utils 1.2.1
linux-nfs/nfs-utils 1.2.2
linux-nfs/nfs-utils < 1.2.3
Published Feb 26, 2014
Tracked Since Feb 18, 2026