Pardus: 2011-98: nfs-utils: Corruption of the
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in ntf-utils.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-98            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-14
      Type: Local
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in ntf-utils.


Description
==========
CVE-2011-1749:

It was found that mount.nfs suffers from the same flaw as  other  mount
helpers (see CVE-2011-1089). Instead of  using  addmntent(),  nfs-utils
implements its own similar function (nfs_addmntent()) which also  fails
to anticipate whether resource limits would  interfere  with  correctly
writing to /etc/mtab. A local user could use this to trigger corruption
of the /etc/mtab file via a process with a small RLIMIT_FSIZE value.



Affected packages:

  Pardus 2009:
    nfs-utils, all before 1.1.6-19-5
  Pardus 2011:
    nfs-utils, all before 1.2.3-24-p11


Resolution
=========
There are update(s) for nfs-utils. You  can  update  them  via  Package
Manager or with a single command from console:

  Pardus 2009:
    pisi up nfs-utils

  Pardus 2011:
    pisi up nfs-utils


References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id967

------------------------------------------------------------------------