Bug 695924 (CVE-2011-1677)

Summary: CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: kvolny, kzak
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2012-02-21 08:34:36 UTC
Bug Depends On: 695940, 738789, 768382
Bug Blocks: 734217, 734543, 742493

Description Vincent Danen 2011-04-12 22:15:51 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1677 to
the following vulnerability:

Name: CVE-2011-1677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677
Assigned: 20110409
Reference: http://openwall.com/lists/oss-security/2011/03/04/11
Reference: http://openwall.com/lists/oss-security/2011/03/04/9
Reference: http://openwall.com/lists/oss-security/2011/03/04/10
Reference: http://openwall.com/lists/oss-security/2011/03/04/12
Reference: http://openwall.com/lists/oss-security/2011/03/05/3
Reference: http://openwall.com/lists/oss-security/2011/03/05/7
Reference: http://openwall.com/lists/oss-security/2011/03/07/9
Reference: http://openwall.com/lists/oss-security/2011/03/14/5
Reference: http://openwall.com/lists/oss-security/2011/03/14/7
Reference: http://openwall.com/lists/oss-security/2011/03/14/16
Reference: http://openwall.com/lists/oss-security/2011/03/15/6
Reference: http://openwall.com/lists/oss-security/2011/03/22/4
Reference: http://openwall.com/lists/oss-security/2011/03/22/6
Reference: http://openwall.com/lists/oss-security/2011/03/31/3
Reference: http://openwall.com/lists/oss-security/2011/03/31/4
Reference: http://openwall.com/lists/oss-security/2011/04/01/2
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=688980

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~
lock file after a failed attempt to add a mount entry, which has
unspecified impact and local attack vectors.

Comment 1 Vincent Danen 2011-04-12 22:35:57 UTC
Created util-linux-ng tracking bugs for this issue

Affects: fedora-all [bug 695940]

Comment 2 Tomas Hoger 2011-05-12 14:11:05 UTC
To correct the CVE description, umount is leaving the lock (and temporary) file behind when it is killed by a signal. umount can easily be killed while performing mtab update, as it does not block signals in the same way mount does (which is unaffected by this issue, as Karel noted in bug #695921, comment #2).

Summary of the patches that were committed upstream to address this and related
issues can be found in bug #695940, comment #5.

Comment 4 errata-xmlrpc 2011-12-06 17:10:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1691 https://rhn.redhat.com/errata/RHSA-2011-1691.html

Comment 6 errata-xmlrpc 2012-02-21 03:20:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0307 https://rhn.redhat.com/errata/RHSA-2012-0307.html