Input validation error in nfs-utils - CVE-2011-1749
Published: February 26, 2014 / Updated: August 10, 2020
Vulnerability identifier: #VU42007
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2011-1749
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: nfs.sourceforge.net
Affected software:
nfs-utils
nfs-utils
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
How to mitigate CVE-2011-1749
Install update from vendor's website.