User: Password:
|
|
Subscribe / Log in / New account

Pardus alert 2011-98 (nfs-utils)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-98] nfs-utils: Corruption of the /etc/mtab file
Date:  Thu, 14 Jul 2011 09:31:15 +0300
Message-ID:  <201107140931.15790.meltem@pardus.org.tr>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-98 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-07-14 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in ntf-utils. Description =========== CVE-2011-1749: It was found that mount.nfs suffers from the same flaw as other mount helpers (see CVE-2011-1089). Instead of using addmntent(), nfs-utils implements its own similar function (nfs_addmntent()) which also fails to anticipate whether resource limits would interfere with correctly writing to /etc/mtab. A local user could use this to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value. Affected packages: Pardus 2009: nfs-utils, all before 1.1.6-19-5 Pardus 2011: nfs-utils, all before 1.2.3-24-p11 Resolution ========== There are update(s) for nfs-utils. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up nfs-utils Pardus 2011: pisi up nfs-utils References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17967 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds