[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#630699: CVE-2011-1089: /etc/mtab corruption

On Thu, Jun 16, 2011 at 01:51:15PM +0200, Arne Wichmann wrote:
> Package: libc6
> Version: 2.13-4
> Severity: normal
> Tags: patch
> 
> >From the security tracker:
> 
> The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and
> earlier does not report an error status for failed attempts to write to the
> /etc/mtab file, which makes it easier for local users to trigger corruption
> of this file, as demonstrated by writes from a process with a small
> RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
> 
> A longer discussion is in http://seclists.org/oss-sec/2011/q1/368
> 
> A patch is in
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
> (which also means that will be gone with version 2.14)
> 

This bug is fixed in the planned stable upload for Squeeze, as discussed
with the release team [1]. For unstable, it will be fixed in one of the
next uploads.

http://lists.debian.org/debian-release/2011/06/msg00238.html

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
Reply to: