Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-1749 | First vendor Publication | 2014-02-26 |
Vendor | Cve | Last vendor Modification | 2014-03-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 3.3 | Attack Range | Local |
Cvss Impact Score | 4.9 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1749 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21115 | |||
Oval ID: | oval:org.mitre.oval:def:21115 | ||
Title: | RHSA-2012:0310: nfs-utils security, bug fix, and enhancement update (Low) | ||
Description: | The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0310-03 CVE-2011-1749 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | nfs-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23233 | |||
Oval ID: | oval:org.mitre.oval:def:23233 | ||
Title: | ELSA-2012:0310: nfs-utils security, bug fix, and enhancement update (Low) | ||
Description: | The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0310-03 CVE-2011-1749 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | nfs-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27789 | |||
Oval ID: | oval:org.mitre.oval:def:27789 | ||
Title: | DEPRECATED: ELSA-2012-0310 -- nfs-utils security, bug fix, and enhancement update (low) | ||
Description: | [1.0.9-60.0.1.el5] - Add support for resvport for unmonting [orabug 13567018] [1.0.9-60] - Updated idmapd.conf and idmapd.conf.man to reflect the static user name mapping (502707) - Fixed an umount regression introduced by bz 513094 (bz 781931) [1.0.9-59] - gss: turned of even more excessive syslogs (bz 593097) - mount.nfs: Ignored the SIGXFSZ when handling RLIMIT_FSIZE changes (bz 697979) [1.0.9-58] - gss: turned off more excessive syslogs (bz 593097) - initfiles: more initscripts improvements (bz 710020) - specfile: correct typo when nfsnobodys gid already exists (bz 729603) [1.0.9-57] - Mount fails to anticipate RLIMIT_FSIZE (bz 697979,CVE-2011-1749) [1.0.9-56] - Removed sim crash support (bz 600497) - initfiles: more initscripts improvements (bz 710020) - mount: Don't wait for TCP to timeout twice (bz 736677) [1.0.9-55] - mount: fixed the -o retry option to retry the given amount (bz 736677) - manpage: removed the -o fsc option (bz 715523) - nfsstat: show v4 mounts with -m flag (bz 712438) - mount: allow insecure ports with mounts (bz 513094) - gss: turned off excessive syslogs (bz 593097) - mountd: allow v2 and v3 to be disabled (bz 529588) - specfile: make sure nfsnobodys gid changes when it exists (bz 729603) - initfiles: initscripts improvements (bz 710020) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0310 CVE-2011-1749 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | nfs-utils |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-09 | Name : RedHat Update for nfs-utils RHSA-2011:1534-03 File : nvt/gb_RHSA-2011_1534-03_nfs-utils.nasl |
2012-02-21 | Name : RedHat Update for nfs-utils RHSA-2012:0310-03 File : nvt/gb_RHSA-2012_0310-03_nfs-utils.nasl |
2011-12-16 | Name : Mandriva Update for nfs-utils MDVSA-2011:186 (nfs-utils) File : nvt/gb_mandriva_MDVSA_2011_186.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74350 | nfs-utils mount.nfs RLIMIT_FSIZE Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_nfs-client-110701.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0310.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_nfs_utils_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_nfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0310.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-186.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1534.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 12:14:50 |
|
2021-05-04 12:14:24 |
|
2021-04-22 01:15:39 |
|
2020-05-23 01:44:24 |
|
2020-05-23 00:28:24 |
|
2016-04-26 20:43:50 |
|
2014-11-18 13:25:48 |
|
2014-06-14 13:30:42 |
|
2014-03-11 13:21:36 |
|
2014-02-27 17:19:11 |
|
2014-02-26 21:20:49 |
|