CVE-2011-1089Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2011-1089 | First vendor Publication | 2011-04-09 |
| Vendor | Cve | Last vendor Modification | 2012-01-18 |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.3 | Attack Range | Local |
| Cvss Impact Score | 4.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-16 | Configuration |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74883 | GNU C Library addmntent Function mtab Write RLIMIT_FSIZE Value Handling Local... |
Internal Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2013-05-10 22:56:12 |
|
(Critical)
(High)
(Medium)
(Low)
