CVE-2011-1089

描述

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

受影響套件(1)

• Debian/glibcfrom 0, < 2.13-8

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-1089