CVE-2011-1089
CVE-2011-1089
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://openwall.com/lists/oss-security/2011/03/04/10http://openwall.com/lists/oss-security/2011/03/04/11http://openwall.com/lists/oss-security/2011/03/04/12http://openwall.com/lists/oss-security/2011/03/04/9http://openwall.com/lists/oss-security/2011/03/05/3http://openwall.com/lists/oss-security/2011/03/05/7http://openwall.com/lists/oss-security/2011/03/07/9http://openwall.com/lists/oss-security/2011/03/14/16http://openwall.com/lists/oss-security/2011/03/14/5http://openwall.com/lists/oss-security/2011/03/14/7http://openwall.com/lists/oss-security/2011/03/15/6http://openwall.com/lists/oss-security/2011/03/22/4