|
|
Subscribe / Log in / New account

nfs-utils: user-controlled /etc/mtab corruption

Package(s):nfs-utils CVE #(s):CVE-2011-1749
Created:July 14, 2011 Updated:March 22, 2012
Description:

From the Pardus advisory:

It was found that mount.nfs suffers from the same flaw as other mount helpers (see CVE-2011-1089). Instead of using addmntent(), nfs-utils implements its own similar function (nfs_addmntent()) which also fails to anticipate whether resource limits would interfere with correctly writing to /etc/mtab. A local user could use this to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value.

Alerts:
Scientific Linux SL-nfs--20120321 nfs-utils 2012-03-21
Oracle ELSA-2012-0310 nfs-utils 2012-03-07
Red Hat RHSA-2012:0310-03 nfs-utils 2012-02-21
Mandriva MDVSA-2011:186 nfs-utils 2011-12-12
Scientific Linux SL-nfs--20111206 nfs-utils 2011-12-06
Red Hat RHSA-2011:1534-03 nfs-utils 2011-12-06
openSUSE openSUSE-SU-2011:0747-1 nfs-utils 2011-07-19
Pardus 2011-98 nfs-utils 2011-07-14
to post comments

nfs-utils: user-controlled /etc/mtab corruption

Posted Jul 21, 2011 9:26 UTC (Thu) by zuki (subscriber, #41808) [Link] (1 responses)

/etc/mtab? Shouldn't that be a link to /proc/self/mounts anyway?

nfs-utils: user-controlled /etc/mtab corruption

Posted Jul 28, 2011 12:49 UTC (Thu) by nix (subscriber, #2304) [Link]

Until very recently that broke user mounts, quotas, and much else. (Of course, *not* using /proc/self/mounts breaks chroots, pam_namespace and much else. What fun.)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds