CVE-2011-1749 — Improper Input Validation in Nfs-utils

CWE-20 — Improper Input Validation8 documents7 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 62.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux-nfs Nfs-utils

Timeline

PublishedFeb 26

Latest updateMay 17

Description

The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages1 packages

▶NVDlinux-nfs/nfs-utils1.2.3+3

Patches

Patch: rhn.redhat.com ↗Patch: sourceforge.net ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-c72p-cwvx-7724: The nfs_addmntent function in support/nfs/nfs_mntent↗2022-05-17

▶

OSV

CVE-2011-1749: The nfs_addmntent function in support/nfs/nfs_mntent↗2014-02-26

▶

CVEList

CVE-2011-1749: The nfs_addmntent function in support/nfs/nfs_mntent↗2014-02-26

▶

📋Vendor Advisories

Red Hat

nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE↗2011-04-19

▶

Debian

CVE-2011-1749: nfs-utils - The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in ...↗2011

▶

💬Community

Bugzilla

CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT↗2011-09-05

▶

Bugzilla

CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE↗2011-04-19

▶