#VU45138 Resource management error in Util-linux - CVE-2011-1675

Cybersecurity Help s.r.o.

Published: 2011-04-10 | Updated: 2020-08-11

Vulnerability identifier: #VU45138

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-1675

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Util-linux
Universal components / Libraries / Libraries used by multiple products

Vendor: kernel.org

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Util-linux: 2.2 - 2.18

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Transformation Advisor

Multiple vulnerabilities in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Multiple vulnerabilities in Juniper Networks Junos cRPD

Multiple vulnerabilities in Juniper Cloud Native Router

Gentoo update for util-linux

Multiple vulnerabilities in kernel Util-linux