Veracode Vulnerability DatabaseVERACODE:24907Denial Of Service (DoS)
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
glibc is vulnerable to denial of service. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.
References
openwall.com/lists/oss-security/2011/03/04/10
openwall.com/lists/oss-security/2011/03/04/11
openwall.com/lists/oss-security/2011/03/04/12
openwall.com/lists/oss-security/2011/03/04/9
openwall.com/lists/oss-security/2011/03/05/3
openwall.com/lists/oss-security/2011/03/05/7
openwall.com/lists/oss-security/2011/03/07/9
openwall.com/lists/oss-security/2011/03/14/16
openwall.com/lists/oss-security/2011/03/14/5
openwall.com/lists/oss-security/2011/03/14/7
openwall.com/lists/oss-security/2011/03/15/6
openwall.com/lists/oss-security/2011/03/22/4
openwall.com/lists/oss-security/2011/03/22/6
openwall.com/lists/oss-security/2011/03/31/3
openwall.com/lists/oss-security/2011/03/31/4
openwall.com/lists/oss-security/2011/04/01/2
sourceware.org/bugzilla/show_bug.cgi?id=12625
www.mandriva.com/security/advisories?name=MDVSA-2011:178
www.mandriva.com/security/advisories?name=MDVSA-2011:179
www.redhat.com/support/errata/RHSA-2011-1526.html
www.securityfocus.com/bid/46740
access.redhat.com/errata/RHSA-2011:1526
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=688980
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/glibc.html#RHSA-2011-1526
Related
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N