Bug 359759 - <sys-apps/util-linux-2.19.1: mount RLIMIT_FSIZE Security Issue (CVE-2011-{1675,1676,1677})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/43596/
Whiteboard: A3 [glsa]
Reported: 2011-03-21 13:49 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2014-05-18 11:50 UTC (History)
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-21 13:49:20 UTC
A security issue has been reported in util-linux, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issue is caused due to the "mount" utility not properly handling the SIGXFSZ signal when e.g. adding new file system descriptions to "/etc/mtab", which can be exploited to e.g. corrupt the "/etc/mtab" file or leave a stale "/etc/mtab~" file by setting a low RLIMIT_FSIZE limit.


Solution
Restrict access to trusted users only.

Provided and/or discovered by
Dan Rosenberg

Original Advisory
http://www.openwall.com/lists/oss-security/2011/03/04/9
http://www.openwall.com/lists/oss-security/2011/03/15/6
Comment 1 SpanKY gentoo-dev 2011-05-02 21:13:07 UTC
I've added util-linux-2.19.1 to the tree, which should have a fix for this
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-05-03 02:28:07 UTC
(In reply to comment #1)
> I've added util-linux-2.19.1 to the tree, which should have a fix for this

Great, thank you.

Arches, please test and mark stable:
=sys-apps/util-linux-2.19.1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2011-05-03 10:54:12 UTC
works here
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2011-05-03 11:11:55 UTC
amd64 done. Thanks Agostino
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2011-05-04 15:36:25 UTC
Stable for HPPA.
Comment 6 Thomas Kahle (RETIRED) gentoo-dev 2011-05-04 21:16:07 UTC
x86 stable. Thanks
Comment 7 Markus Meier gentoo-dev 2011-05-09 04:57:00 UTC
arm stable
Comment 8 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-05-14 10:45:22 UTC
ppc/ppc64 stable
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-05-14 19:27:11 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-05-14 19:59:49 UTC
Thanks, everyone. GLSA request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 20:20:53 UTC
CVE-2011-1677 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1677):
  mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock
  file after a failed attempt to add a mount entry, which has unspecified
  impact and local attack vectors.

CVE-2011-1676 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1676):
  mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file
  after a failed attempt to add a mount entry, which allows local users to
  trigger corruption of the /etc/mtab file via multiple invocations.

CVE-2011-1675 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1675):
  mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp
  file without first checking whether resource limits would interfere, which
  allows local users to trigger corruption of the /etc/mtab file via a process
  with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-05-18 11:50:04 UTC
This issue was resolved and addressed in
 GLSA 201405-15 at http://security.gentoo.org/glsa/glsa-201405-15.xml
by GLSA coordinator Sean Amoss (ackle).
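
The failure modes named in the CVE descriptions in comment 11 (a write cut off by RLIMIT_FSIZE, a leftover `.tmp` file, a stale `~` lock) can be avoided with the update pattern below. This is an added example, not code from this bug report or from util-linux; `append_entry` and `set_fsize_limit` are hypothetical names, and ignoring SIGXFSZ process-wide is this example's own choice.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Added example, not util-linux code. Self-test helper (hypothetical): set soft RLIMIT_FSIZE, return old. */
rlim_t set_fsize_limit(rlim_t soft)
{
    struct rlimit r;
    getrlimit(RLIMIT_FSIZE, &r);
    rlim_t old = r.rlim_cur;
    r.rlim_cur = soft;
    setrlimit(RLIMIT_FSIZE, &r);
    return old;
}

/* Write all bytes or fail. After a short write the retry returns -1 (EFBIG at the limit). */
static int write_all(int fd, const char *buf, size_t len)
{
    for (ssize_t n; len > 0; buf += n, len -= (size_t)n)
        if ((n = write(fd, buf, len)) <= 0) return -1;
    return 0;
}

/* Returns 0 on success. On failure returns -1 with path unchanged and no .tmp or ~ left. */
int append_entry(const char *path, const char *line)
{
    char tmp[4096], lock[4096], buf[4096];
    ssize_t n = 0;
    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp) return -1;
    snprintf(lock, sizeof lock, "%s~", path);   /* shorter than tmp, so it fits */
    signal(SIGXFSZ, SIG_IGN);                   /* write() now fails with EFBIG instead of killing us */
    int lfd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (lfd < 0) return -1;                     /* lock held by someone else: leave it alone */
    int in = open(path, O_RDONLY);
    int out = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    int ok = in >= 0 && out >= 0;
    while (ok && (n = read(in, buf, sizeof buf)) > 0)
        ok = write_all(out, buf, (size_t)n) == 0;
    ok = ok && n == 0 && write_all(out, line, strlen(line)) == 0 && fsync(out) == 0;
    if (in >= 0) close(in);
    if (out >= 0 && close(out) != 0) ok = 0;
    int rc = ok ? rename(tmp, path) : -1;       /* atomic replace only after a complete write */
    if (rc != 0) unlink(tmp);                   /* failure: no partial temp file stays behind */
    close(lfd);
    unlink(lock);                               /* our lock is always released */
    return rc;
}
```

Calling `set_fsize_limit(8)` before `append_entry` reproduces the low-limit condition in the current process only, which is how the cleanup path can be checked.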