CVE-2011-1681

Description

vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

How to fix CVE-2011-1681

To remediate CVE-2011-1681, upgrade the affected package to a fixed version below.

• Debian/open-vm-tools—upgrade to 2:8.4.2+2011.08.21-471295-1 or later

Is CVE-2011-1681 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2:8.4.2+2011.08.21-471295-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1681