[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#630699: CVE-2011-1089: /etc/mtab corruption

Package: libc6
Version: 2.13-4
Severity: normal
Tags: patch

>From the security tracker:

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and
earlier does not report an error status for failed attempts to write to the
/etc/mtab file, which makes it easier for local users to trigger corruption
of this file, as demonstrated by writes from a process with a small
RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

A longer discussion is in http://seclists.org/oss-sec/2011/q1/368

A patch is in
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
(which also means that will be gone with version 2.14)

cu

AW
-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38 (PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6 depends on:
ii  libc-bin                      2.13-4     Embedded GNU C Library: Binaries
ii  libgcc1                       1:4.6.0-10 GCC support library

Versions of packages libc6 recommends:
pn  libc6-i686                    <none>     (no description available)

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]         1.5.39     Debian configuration management sy
pn  glibc-doc                     <none>     (no description available)
ii  locales                       2.13-4     Embedded GNU C Library: National L

-- debconf information excluded
Reply to: