Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1677 to the following vulnerability:

Name: CVE-2011-1677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677
Assigned: 20110409
Reference: http://openwall.com/lists/oss-security/2011/03/04/11
Reference: http://openwall.com/lists/oss-security/2011/03/04/9
Reference: http://openwall.com/lists/oss-security/2011/03/04/10
Reference: http://openwall.com/lists/oss-security/2011/03/04/12
Reference: http://openwall.com/lists/oss-security/2011/03/05/3
Reference: http://openwall.com/lists/oss-security/2011/03/05/7
Reference: http://openwall.com/lists/oss-security/2011/03/07/9
Reference: http://openwall.com/lists/oss-security/2011/03/14/5
Reference: http://openwall.com/lists/oss-security/2011/03/14/7
Reference: http://openwall.com/lists/oss-security/2011/03/14/16
Reference: http://openwall.com/lists/oss-security/2011/03/15/6
Reference: http://openwall.com/lists/oss-security/2011/03/22/4
Reference: http://openwall.com/lists/oss-security/2011/03/22/6
Reference: http://openwall.com/lists/oss-security/2011/03/31/3
Reference: http://openwall.com/lists/oss-security/2011/03/31/4
Reference: http://openwall.com/lists/oss-security/2011/04/01/2
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=688980

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
Created util-linux-ng tracking bugs for this issue

Affects: fedora-all [bug 695940]
To correct the CVE description, umount is leaving lock (and temporary) file behind when it is killed by a signal. umount can easily be killed while performing mtab update, as it does not block signals in the same way mount does (which is unaffected by this issue, as Karel noted in bug #695921, comment #2). Summary of the patches that were committed upstream to address this and related issues can be found in bug #695940, comment #5.
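The signal blocking described in the comment above, as an added example that is not code from this bug report or from util-linux: every blockable signal is held pending from before the lock file is created until after it is removed. The function names, the `mid` hook, the temporary paths and the sample mtab entry are all hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
static volatile sig_atomic_t delivered, early;   /* handler ran / ran too soon */
static void on_term(int sig) { (void)sig; delivered = 1; }
static void send_term(void) { raise(SIGTERM); early = delivered; }

/* Hypothetical helper, not util-linux code: append entry to table under lock
 * file `lock`, holding blockable signals pending until the lock is removed.
 * `mid` is a demo hook run mid-update. Returns 0 on success, -1 otherwise. */
int locked_append(const char *table, const char *lock, const char *entry,
                  void (*mid)(void))
{
    sigset_t all, saved;
    int rc = -1;
    sigfillset(&all);
    if (sigprocmask(SIG_BLOCK, &all, &saved) != 0) return -1;
    int lfd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600); /* fails if held */
    if (lfd >= 0) {
        FILE *f = fopen(table, "a");
        if (f) {
            if (mid) mid();               /* a signal raised here stays pending */
            rc = fputs(entry, f) >= 0 ? 0 : -1;
            if (fclose(f) != 0) rc = -1;
        }
        close(lfd);
        unlink(lock);                     /* still reached after the "kill" */
    }
    sigprocmask(SIG_SETMASK, &saved, NULL);  /* pending signals delivered here */
    return rc;
}

/* Constructed scenario: SIGTERM arrives mid-update; returns 1 if handled cleanly. */
int demo(void)
{
    char dir[] = "/tmp/mtabdemoXXXXXX", table[64], lock[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(table, sizeof table, "%s/mtab", dir);
    snprintf(lock, sizeof lock, "%s/mtab~", dir);
    signal(SIGTERM, on_term);
    int rc = locked_append(table, lock, "/dev/sdz1 /mnt ext4 rw 0 0\n", send_term);
    int lock_left = access(lock, F_OK) == 0;
    unlink(table); rmdir(dir);
    return rc == 0 && !lock_left && delivered == 1 && early == 0;
}
int main(void) { return demo() ? 0 : 1; }
```

SIGKILL and SIGSTOP cannot be blocked, so a lock file can still be left behind by those; the mask only covers signals that `sigprocmask` is allowed to hold.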
This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2011:1691 https://rhn.redhat.com/errata/RHSA-2011-1691.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2012:0307 https://rhn.redhat.com/errata/RHSA-2012-0307.html