CVE-2011-1749
Published 2014-02-26
Priority: P46 (low) · CVSS 2.0: 3.3 · Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
EPSS: 0.36% (27.8th percentile)
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nfs-utils | < nfs-utils 1:1.2.3-3 (bookworm) | nfs-utils 1:1.2.3-3 (bookworm) |
| linux-nfs | nfs-utils | <= 1.2.3 | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | — | — |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.3-3 | 1:1.2.3-3 |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.3-3 | 1:1.2.3-3 |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.3-3 | 1:1.2.3-3 |
| linux-nfs | nfs-utils | >= 0 < 1:1.2.3-3 | 1:1.2.3-3 |
CVSS provenance
- nvd: v2.0 · 3.3 LOW · AV:L/AC:M/Au:N/C:N/I:P/A:P
- osv: 3.3 LOW
- vendor_debian: 3.3 LOW
- vendor_redhat: 3.3 LOW
GHSA
CVE-2011-1749 [LOW] CWE-20 GHSA-c72p-cwvx-7724: The nfs_addmntent function in support/nfs/nfs_mntent
ghsa_unreviewed·2022-05-17·CVSS 3.3
OSV
CVE-2011-1749 [LOW]: The nfs_addmntent function in support/nfs/nfs_mntent
osv·2014-02-26·CVSS 3.3
Red Hat
CVE-2011-1749 [LOW] nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
vendor_redhat·2011-04-19·CVSS 3.3
Statement: This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 as they did not include mount.nfs. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0310 and RHSA-2011:1534 respectively.
Package: nfs-utils (Red Hat Enterprise Linux 4) - Not affected
Debian
CVE-2011-1749 [LOW]: nfs-utils - The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in ...
vendor_debian·2011·CVSS 3.3
Scope: local
bookworm: resolved (fixed in 1:1.2.3-3)
bullseye: resolved (fixed in 1:1.2.3-3)
forky: resolved (fixed in 1:1.2.3-3)
sid: resolved (fixed in 1:1.2.3-3)
trixie: resolved (fixed in 1:1.2.3-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2834 [MEDIUM] libxml2: double-free caused by malformed XPath expression in XSLT
bugzilla·2011-09-05·CVSS 6.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2834 to
the following vulnerability:
Name: CVE-2011-2834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834
Assigned: 20110720
Reference: CONFIRM:http://code.google.com/p/chromium/issues/detail?id=93472
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
Double free vulnerability in libxml2, as used in Google Chrome before
14.0.835.163, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors related to XPath
handling.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:1749
Bugzilla
CVE-2011-1749 [LOW] nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
bugzilla·2011-04-19·CVSS 3.3
It was found that mount.nfs suffers from the same flaw as other mount helpers (see CVE-2011-1089). Instead of using addmntent(), nfs-utils implements its own similar function (nfs_addmntent()) which also fails to anticipate whether resource limits would interfere with correctly writing to /etc/mtab. A local user could use this to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value.
In nfs-utils-1.2.3/support/nfs/nfs_mntent.c:
```c
int
nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
	char *m1, *m2, *m3, *m4;
	int res;

	if (fseek (mfp->mntent_fp, 0, SEEK_END))
		return 1;			/* failure */

	m1 = mangle(mnt->mnt_fsname);
	m2 = mangle(mnt->mnt_dir);
	m3 = mang
```
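The failure mode described in the Bugzilla entry, with one way to handle it, as an added example that is neither nfs-utils code nor the upstream fix: the append either writes the whole entry or truncates the file back to its previous length when RLIMIT_FSIZE cuts the write short. The function names, the `mtab.demo` path and the sample entry are constructed for illustration.

```c
/* Added illustration, not nfs-utils code; function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* Append one whole line, or leave the file at its original length.
 * Assumes the caller already serialises writers (e.g. with a lock file). */
int append_line_or_rollback(const char *path, const char *line)
{
    struct stat st;
    size_t len = strlen(line), done = 0;
    int ok, fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0644);
    if (fd < 0) return -1;
    ok = fstat(fd, &st) == 0;           /* remember the length before writing */
    while (ok && done < len) {
        ssize_t n = write(fd, line + done, len - done);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;              /* EFBIG once RLIMIT_FSIZE is hit */
        done += (size_t)n;
    }
    if (ok && done < len && ftruncate(fd, st.st_size) < 0)
        ok = 0;                         /* partial entry could not be removed */
    close(fd);
    return ok && done == len ? 0 : -1;
}

/* Reproduce the CVE's precondition in-process: a small soft RLIMIT_FSIZE.
 * SIGXFSZ is ignored so the failed write returns EFBIG instead of killing us. */
int append_under_fsize_limit(const char *path, const char *line, rlim_t limit)
{
    struct rlimit old, low;
    void (*prev)(int) = signal(SIGXFSZ, SIG_IGN);
    int rc;
    getrlimit(RLIMIT_FSIZE, &old);
    low = old; low.rlim_cur = limit;
    setrlimit(RLIMIT_FSIZE, &low);
    rc = append_line_or_rollback(path, line);
    setrlimit(RLIMIT_FSIZE, &old);      /* restore the caller's soft limit */
    signal(SIGXFSZ, prev);
    return rc;
}

int main(void)
{   /* constructed entry; exit status 0 means the short write was rolled back */
    return append_under_fsize_limit("mtab.demo", "srv:/x /mnt/x nfs rw 0 0\n", 8) != -1;
}
```

Without the rollback, the first eight bytes of the entry would stay in the file as a truncated line, which is the corruption the advisory describes.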
- http://rhn.redhat.com/errata/RHSA-2011-1534.html
- http://rhn.redhat.com/errata/RHSA-2012-0310.html
- http://sourceforge.net/projects/nfs/files/nfs-utils/1.2.4/Changelog-nfs-utils-1.2.4/download
- http://www.openwall.com/lists/oss-security/2011/04/25/5
- https://bugzilla.redhat.com/show_bug.cgi?id=697975