PT-2011-1208 · Util Linux+1 · Util-Linux+1

Vincent Danen

Published

2011-04-10

Updated

2018-01-10

CVE-2011-1677

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions util-linux versions prior to 2.22.2

Description The issue concerns multiple vulnerabilities in the util-linux package that can be exploited locally, potentially leading to breaches of confidentiality, integrity, and availability of protected information. In util-linux 2.19 and earlier, the mount function does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has an unspecified impact and can be exploited through local attack vectors.

Recommendations For util-linux versions prior to 2.22.2, update to version 2.22.2 or later to resolve the issue. As a temporary workaround, consider manually removing the /etc/mtab~ lock file after failed mount attempts to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-09701

CVE-2011-1677

RHSA-2011:1691

RHSA-2011_1691

RHSA-2012:0307

RHSA-2012_0307

Affected Products

Red Hat

Util-Linux

PT-2011-1208 · Util Linux+1 · Util-Linux+1

CVE-2011-1677

Weakness Enumeration

Related Identifiers

Affected Products

References · 34