CVE-2011-1089
Published: 9 April 2011
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Priority
Status
Package | Release | Status |
---|---|---|
eglibc
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Released
(2.11.1-0ubuntu7.10)
|
|
maverick |
Released
(2.12.1-0ubuntu10.4)
|
|
natty |
Released
(2.13-0ubuntu13.1)
|
|
oneiric |
Not vulnerable
(2.13-20ubuntu5)
|
|
upstream |
Released
(2.13-8)
|
|
Patches:
upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57 |
||
glibc
Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(2.7-10ubuntu8.1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2011-1526.html |