CVE-2011-1089
Published: 9 April 2011
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
eglibc Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Released
(2.11.1-0ubuntu7.10)
|
|
| maverick |
Released
(2.12.1-0ubuntu10.4)
|
|
| natty |
Released
(2.13-0ubuntu13.1)
|
|
| oneiric |
Not vulnerable
(2.13-20ubuntu5)
|
|
| upstream |
Released
(2.13-8)
|
|
|
Patches: upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57 |
||
|
glibc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Released
(2.7-10ubuntu8.1)
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
Patches: vendor: https://rhn.redhat.com/errata/RHSA-2011-1526.html |
||