Lucene search

MitreCVE-2011-1676

HistoryApr 10, 2011 - 2:55 a.m.

CVE-2011-1676

2011-04-1002:55:01

CWE-264

mitre

web.nvd.nist.gov

cve-2011-1676

util-linux

mount

/etc/mtab

nvd

security vulnerability

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

10.1%

JSON

mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.

Affected configurations

Nvd

Node

linuxutil-linuxRange≤2.19

linuxutil-linuxMatch2.2

linuxutil-linuxMatch2.5

linuxutil-linuxMatch2.7

linuxutil-linuxMatch2.8

linuxutil-linuxMatch2.9

linuxutil-linuxMatch2.10

linuxutil-linuxMatch2.11

linuxutil-linuxMatch2.12

linuxutil-linuxMatch2.12pre

linuxutil-linuxMatch2.13

linuxutil-linuxMatch2.13pre

linuxutil-linuxMatch2.14

linuxutil-linuxMatch2.15

linuxutil-linuxMatch2.16

linuxutil-linuxMatch2.17

linuxutil-linuxMatch2.18

VendorProductVersionCPE
linuxutil-linux*cpe:2.3:a:linux:util-linux:*:*:*:*:*:*:*:*
linuxutil-linux2.2cpe:2.3:a:linux:util-linux:2.2:*:*:*:*:*:*:*
linuxutil-linux2.5cpe:2.3:a:linux:util-linux:2.5:*:*:*:*:*:*:*
linuxutil-linux2.7cpe:2.3:a:linux:util-linux:2.7:*:*:*:*:*:*:*
linuxutil-linux2.8cpe:2.3:a:linux:util-linux:2.8:*:*:*:*:*:*:*
linuxutil-linux2.9cpe:2.3:a:linux:util-linux:2.9:*:*:*:*:*:*:*
linuxutil-linux2.10cpe:2.3:a:linux:util-linux:2.10:*:*:*:*:*:*:*
linuxutil-linux2.11cpe:2.3:a:linux:util-linux:2.11:*:*:*:*:*:*:*
linuxutil-linux2.12cpe:2.3:a:linux:util-linux:2.12:*:*:*:*:*:*:*
linuxutil-linux2.12cpe:2.3:a:linux:util-linux:2.12:pre:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	util-linux	*	cpe:2.3:a:linux:util-linux::::::::
linux	util-linux	2.2	cpe:2.3:a:linux:util-linux:2.2:::::::*
linux	util-linux	2.5	cpe:2.3:a:linux:util-linux:2.5:::::::*
linux	util-linux	2.7	cpe:2.3:a:linux:util-linux:2.7:::::::*
linux	util-linux	2.8	cpe:2.3:a:linux:util-linux:2.8:::::::*
linux	util-linux	2.9	cpe:2.3:a:linux:util-linux:2.9:::::::*
linux	util-linux	2.10	cpe:2.3:a:linux:util-linux:2.10:::::::*
linux	util-linux	2.11	cpe:2.3:a:linux:util-linux:2.11:::::::*
linux	util-linux	2.12	cpe:2.3:a:linux:util-linux:2.12:::::::*
linux	util-linux	2.12	cpe:2.3:a:linux:util-linux:2.12:pre::::::

Rows per page:

1-10 of 171

References

openwall.com/lists/oss-security/2011/03/04/10

openwall.com/lists/oss-security/2011/03/04/11

openwall.com/lists/oss-security/2011/03/04/12

openwall.com/lists/oss-security/2011/03/04/9

openwall.com/lists/oss-security/2011/03/05/3

openwall.com/lists/oss-security/2011/03/05/7

openwall.com/lists/oss-security/2011/03/07/9

openwall.com/lists/oss-security/2011/03/14/16

openwall.com/lists/oss-security/2011/03/14/5

openwall.com/lists/oss-security/2011/03/14/7

openwall.com/lists/oss-security/2011/03/15/6

openwall.com/lists/oss-security/2011/03/22/4

openwall.com/lists/oss-security/2011/03/22/6

openwall.com/lists/oss-security/2011/03/31/3

openwall.com/lists/oss-security/2011/03/31/4

openwall.com/lists/oss-security/2011/04/01/2

bugzilla.redhat.com/show_bug.cgi?id=688980

exchange.xforce.ibmcloud.com/vulnerabilities/66704

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2011-1676