CVE-2011-1089

Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 10 Apr 2011, 01:29
Last modified:06 Aug 2024, 22:14

Vulnerability Summary

Overall Risk (default)
low
13/100
CVSS Score
3.3 LOW
v2.0 (nvd)
EPSS Score
0.09% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

10 Apr 2011, 01:29
Published
Vulnerability first disclosed
06 Aug 2024, 22:14
Last Modified
Vulnerability information updated

Description

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

CVSS Metrics

  • v2.0LOWScore: 3.3AV:L/AC:M/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.09% Percentile: 25%

Techniques & Countermeasures

  • CWE-16Configuration

    Weaknesses in this category are typically introduced during the configuration of the software.

Affected Systems

  • gnuglibc

    ≤ 2.13 | 1.00 | 1.01 | 1.02 | 1.03 | 1.04 | 1.05 | 1.06 | 1.07 | 1.08 | 1.09 | 1.09.1 | 2.0 | 2.0.1 | 2.0.2 | 2.0.3 | 2.0.4 | 2.0.5 | 2.0.6 | 2.1 | 2.11 | 2.1.1.6 | 2.12 | 2.13 | 2.1.3.10 | 2.19 | 2.2 | 2.21 | 2.22 | 2.23 | 2.2.4 | 2.25 | 2.3 | 2.3.1 | 2.3.2 | 2.33 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.10 | 2.4 | 2.5 | 2.5.1 | 2.6 | 2.6.1 | 2.7 | 2.8 | 2.9 | 2.10 | 2.10.1 | 2.10.2 | 2.11.1 | 2.11.2 | 2.11.3 | 2.12.0 | 2.12.1 | 2.12.2

References (22)