VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 10, 2011· Updated Apr 29, 2026

CVE-2011-1089

CVE-2011-1089

Description

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The addmntent function in glibc 2.13 and earlier fails to report write failures, allowing local users to corrupt /etc/mtab via RLIMIT_FSIZE.

Vulnerability

The addmntent function in the GNU C Library (glibc) versions 2.13 and earlier does not return an error status when a write to the /etc/mtab file fails [1][4]. The function uses fprintf and only returns failure if fprintf returns <0, but partial writes (e.g., due to RLIMIT_FSIZE) are not detected [4]. This affects all programs that call addmntent, particularly suid mount helpers such as those in util-linux, mount.cifs, and others [1].

Exploitation

A local attacker with the ability to set a small RLIMIT_FSIZE value (e.g., via ulimit) can cause a process writing to /etc/mtab to have its write truncated. If the process catches or ignores SIGXFSZ (as many suid helpers do), the write may be partial but addmntent returns success, leaving /etc/mtab in an inconsistent state [1][4]. The attacker does not need special privileges beyond the ability to set resource limits for a process they control.

Impact

Successful exploitation results in corruption of the /etc/mtab file, which can lead to incorrect mount information being reported. This may cause subsequent mount/umount operations to fail or behave unexpectedly, potentially leading to denial of service or further system instability [1]. The corruption is persistent until /etc/mtab is manually repaired.

Mitigation

Red Hat released RHSA-2011:1526 to address this issue in glibc [2]. The fix ensures that addmntent properly reports write failures. Users should update glibc to a patched version. As a workaround, replacing /etc/mtab with a symlink to /proc/mounts eliminates the need to write to /etc/mtab [3]. Note that CVE-2011-1089 is distinct from CVE-2010-0296.

References
  1. security - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  2. Support
  3. security - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
  4. security - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

59
  • GNU/Glibc58 versions
    cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*+ 57 more
    • cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*range: <=2.13
    • cpe:2.3:a:gnu:glibc:1.00:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.01:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.02:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.03:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.04:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.05:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.06:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.07:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.08:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.09:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:1.09.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:glibc:2.9:*:*:*:*:*:*:*
  • GNU/C Library (glibc)llm-fuzzy
    Range: <=2.13

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

22

News mentions

0

No linked articles in our index yet.