Bug 695924 - (CVE-2011-1677) CVE-2011-1677 util-linux: umount may fail to remove /etc/mtab~ lock file
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 695940 738789 768382
Blocks: 734217 734543 742493
Reported: 2011-04-12 18:15 EDT by Vincent Danen
Modified: 2015-07-31 02:39 EDT
Doc Type: Bug Fix
Last Closed: 2012-02-21 03:34:36 EST
Description Vincent Danen 2011-04-12 18:15:51 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1677 to
the following vulnerability:

Name: CVE-2011-1677
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1677
Assigned: 20110409
Reference: http://openwall.com/lists/oss-security/2011/03/04/11
Reference: http://openwall.com/lists/oss-security/2011/03/04/9
Reference: http://openwall.com/lists/oss-security/2011/03/04/10
Reference: http://openwall.com/lists/oss-security/2011/03/04/12
Reference: http://openwall.com/lists/oss-security/2011/03/05/3
Reference: http://openwall.com/lists/oss-security/2011/03/05/7
Reference: http://openwall.com/lists/oss-security/2011/03/07/9
Reference: http://openwall.com/lists/oss-security/2011/03/14/5
Reference: http://openwall.com/lists/oss-security/2011/03/14/7
Reference: http://openwall.com/lists/oss-security/2011/03/14/16
Reference: http://openwall.com/lists/oss-security/2011/03/15/6
Reference: http://openwall.com/lists/oss-security/2011/03/22/4
Reference: http://openwall.com/lists/oss-security/2011/03/22/6
Reference: http://openwall.com/lists/oss-security/2011/03/31/3
Reference: http://openwall.com/lists/oss-security/2011/03/31/4
Reference: http://openwall.com/lists/oss-security/2011/04/01/2
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=688980

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~
lock file after a failed attempt to add a mount entry, which has
unspecified impact and local attack vectors.
Comment 1 Vincent Danen 2011-04-12 18:35:57 EDT
Created util-linux-ng tracking bugs for this issue

Affects: fedora-all [bug 695940]
Comment 2 Tomas Hoger 2011-05-12 10:11:05 EDT
To correct the CVE description, umount is leaving lock (and temporary) file behind when it is killed by a signal.  umount can easily be killed while performing mtab update, as it does not block signals in the same way mount does (which is unaffected by this issue, as Karel noted in bug #695921, comment #2).

Summary of the patches that were committed upstream to address this and related
issues can be found in bug #695940, comment #5.
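
The signal-blocking pattern that Comment 2 says mount uses and umount lacks, shown as an added sketch; it is not part of this bug report and is not util-linux code. The names `locked_update`, `run_demo` and the lock path `demo-mtab~` are hypothetical, and `raise(SIGTERM)` is a constructed stand-in for a kill arriving during the update.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>

static volatile sig_atomic_t term_delivered;
static void on_term(int sig) { (void)sig; term_delivered = 1; }

/* Hypothetical helper: create the lock, update, remove the lock, all with
 * signals blocked. *held_back becomes 1 if SIGTERM arrived mid-update. */
int locked_update(const char *lock, int *held_back)
{
    sigset_t all, old, pend;
    int fd;

    sigfillset(&all);                      /* SIGKILL and SIGSTOP stay unblockable */
    if (sigprocmask(SIG_BLOCK, &all, &old) != 0)
        return -1;
    fd = open(lock, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) {                          /* lock is held by someone else */
        sigprocmask(SIG_SETMASK, &old, NULL);
        return -1;
    }
    raise(SIGTERM);                        /* constructed: a kill during the update */
    sigpending(&pend);
    *held_back = sigismember(&pend, SIGTERM);
    close(fd);
    unlink(lock);                          /* cleanup is reached despite the signal */
    sigprocmask(SIG_SETMASK, &old, NULL);  /* pending SIGTERM is delivered here */
    return 0;
}

/* Returns 0 when the signal was held back, the lock file is gone, and the
 * handler still ran once the critical section ended. */
int run_demo(const char *lock)
{
    struct sigaction sa = {0};
    int held_back = 0;

    sa.sa_handler = on_term;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGTERM, &sa, NULL);
    term_delivered = 0;
    if (locked_update(lock, &held_back) != 0)
        return -1;
    return (held_back == 1 && access(lock, F_OK) != 0 && term_delivered) ? 0 : 1;
}

int main(void) { return run_demo("demo-mtab~") != 0; }
```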
Comment 4 errata-xmlrpc 2011-12-06 12:10:56 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1691 https://rhn.redhat.com/errata/RHSA-2011-1691.html
Comment 6 errata-xmlrpc 2012-02-20 22:20:29 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0307 https://rhn.redhat.com/errata/RHSA-2012-0307.html
