Vulnerability: Inadequate Error Reporting in addmntent Function

Vulnerability: Inadequate Error Reporting in addmntent Function

CVE-2011-1089 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:P/A:N

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

Learn more about our User Device Pen Test.