Bug 695924 (CVE-2011-1677) - CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file
Summary: CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file
Alias: CVE-2011-1677
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=low,public=20110303,reported=2...
Depends On: 695940 738789 768382
Blocks: 734217 734543 742493
TreeView+ depends on / blocked
Reported: 2011-04-12 22:15 UTC by Vincent Danen
Modified: 2019-06-08 18:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2012-02-21 08:34:36 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1691 normal SHIPPED_LIVE Low: util-linux-ng security, bug fix, and enhancement update 2011-12-06 01:02:36 UTC
Red Hat Product Errata RHSA-2012:0307 normal SHIPPED_LIVE Low: util-linux security, bug fix, and enhancement update 2012-02-21 07:24:56 UTC

Description Vincent Danen 2011-04-12 22:15:51 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1677 to
the following vulnerability:

Name: CVE-2011-1677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677
Assigned: 20110409
Reference: http://openwall.com/lists/oss-security/2011/03/04/11
Reference: http://openwall.com/lists/oss-security/2011/03/04/9
Reference: http://openwall.com/lists/oss-security/2011/03/04/10
Reference: http://openwall.com/lists/oss-security/2011/03/04/12
Reference: http://openwall.com/lists/oss-security/2011/03/05/3
Reference: http://openwall.com/lists/oss-security/2011/03/05/7
Reference: http://openwall.com/lists/oss-security/2011/03/07/9
Reference: http://openwall.com/lists/oss-security/2011/03/14/5
Reference: http://openwall.com/lists/oss-security/2011/03/14/7
Reference: http://openwall.com/lists/oss-security/2011/03/14/16
Reference: http://openwall.com/lists/oss-security/2011/03/15/6
Reference: http://openwall.com/lists/oss-security/2011/03/22/4
Reference: http://openwall.com/lists/oss-security/2011/03/22/6
Reference: http://openwall.com/lists/oss-security/2011/03/31/3
Reference: http://openwall.com/lists/oss-security/2011/03/31/4
Reference: http://openwall.com/lists/oss-security/2011/04/01/2
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=688980

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~
lock file after a failed attempt to add a mount entry, which has
unspecified impact and local attack vectors.

Comment 1 Vincent Danen 2011-04-12 22:35:57 UTC
Created util-linux-ng tracking bugs for this issue

Affects: fedora-all [bug 695940]

Comment 2 Tomas Hoger 2011-05-12 14:11:05 UTC
To correct the CVE description, umount is leaving lock (and temporary) file behind when it is killed by a signal.  umount can easily be killed while performing mtab update, as it does not block signals in the same way mount does (which is unaffected by this issue, as Karel noted in bug #695921, comment #2).

Summary of the patches that were committed upstream to address this and related
issues can be found in bug #695940, comment #5.

Comment 4 errata-xmlrpc 2011-12-06 17:10:56 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1691 https://rhn.redhat.com/errata/RHSA-2011-1691.html

Comment 6 errata-xmlrpc 2012-02-21 03:20:29 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0307 https://rhn.redhat.com/errata/RHSA-2012-0307.html

Note You need to log in before you can comment on or make changes to this bug.