CVE-2011-1749

NameCVE-2011-1749
DescriptionThe nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nsf tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs629420

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nfs-utils (PTS)jessie, jessie (lts)1:1.2.8-9+deb8u1fixed
stretch1:1.3.4-2.1+deb9u1fixed
buster1:1.3.4-2.5+deb10u1fixed
bullseye1:1.3.4-6+deb11u1fixed
bookworm1:2.6.2-4fixed
sid, trixie1:2.8.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nfs-utilssourcesqueeze1:1.2.2-4squeeze2
nfs-utilssource(unstable)1:1.2.3-3low629420

Notes

[lenny] - nfs-utils <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=697975
Search for package or bug name: Reporting problems