PT-2011-1088 · Gnu+2 · Glibc-Common+8
Dan Rosenberg · Published 2011-04-10 · Updated 2016-12-07
CVE-2011-1089
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
glibc versions 2.3.4 through 2.13
glibc-utils version 2.3.4
glibc-common version 2.3.4
glibc-devel version 2.3.4
glibc-profile version 2.3.4
glibc-headers version 2.3.4
nptl-devel version 2.3.4
Description
The issue concerns multiple vulnerabilities in the glibc package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. The addmntent function in the GNU C Library does not report an error status for failed attempts to write to the /etc/mtab file, making it easier for local users to trigger corruption of this file.
Recommendations
For glibc versions 2.3.4 through 2.13, update to a version later than 2.13 to resolve the issue.
For glibc-utils version 2.3.4, update to a version later than 2.3.4 to resolve the issue.
For glibc-common version 2.3.4, update to a version later than 2.3.4 to resolve the issue.
For glibc-devel version 2.3.4, update to a version later than 2.3.4 to resolve the issue.
For glibc-profile version 2.3.4, update to a version later than 2.3.4 to resolve the issue.
For glibc-headers version 2.3.4, update to a version later than 2.3.4 to resolve the issue.
For nptl-devel version 2.3.4, update to a version later than 2.3.4 to resolve the issue.
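The failure mode in the description, a write to the mount table that fails without addmntent reporting it, can also be caught on the caller's side. The following C code is an added example, not code from glibc or from this advisory; the helper names `append_mntent_checked` and `mtab_has_dir`, the sample entry and the scratch file are assumptions, and it uses only the standard setmntent/addmntent/getmntent/endmntent interface.

```c
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not a glibc API): append one entry and return 0
 * only if every write step reported success. */
int append_mntent_checked(const char *path, const struct mntent *ent)
{
    FILE *fp = setmntent(path, "a");
    if (fp == NULL) return -1;
    /* A 0 from addmntent() alone is not trusted: flush and check the stream. */
    int failed = addmntent(fp, ent) != 0;
    if (fflush(fp) != 0 || ferror(fp))
        failed = 1;
    /* Push to storage so a deferred I/O error is surfaced as well. */
    if (!failed && fsync(fileno(fp)) != 0)
        failed = 1;
    endmntent(fp); /* always returns 1, so it cannot report errors */
    return failed ? -1 : 0;
}

/* Read the table back and confirm an entry for `dir` is present. */
int mtab_has_dir(const char *path, const char *dir)
{
    FILE *fp = setmntent(path, "r");
    struct mntent *m;
    int found = 0;
    while (fp != NULL && (m = getmntent(fp)) != NULL)
        if (strcmp(m->mnt_dir, dir) == 0)
            found = 1;
    if (fp != NULL)
        endmntent(fp);
    return found;
}

int main(void)
{
    /* Constructed entry and scratch file; /etc/mtab is never touched. */
    char path[] = "/tmp/mtab-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    close(fd);
    struct mntent ent = { "/dev/sdz1", "/mnt/example", "ext4", "rw", 0, 0 };
    int ok = append_mntent_checked(path, &ent) == 0
          && mtab_has_dir(path, "/mnt/example");
    unlink(path);
    return ok ? 0 : 1;
}
```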
As a temporary workaround, consider restricting access to the addmntent function until a patch is available.
Fix
Related identifiers
Affected products
Red Hat
Suse
Glibc
Glibc-Common
Glibc-Devel
Glibc-Headers
Glibc-Profile
Glibc-Utils
Nptl-Devel