|
util-linux umount "-r" Re-Mounting Security Issue
|
|
Secunia Advisory:
|
SA16785
|
|
|
Release Date:
|
2005-09-13
|
|
Last Update:
|
2005-09-15
|
|
Popularity:
|
7,424 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
Privilege escalation
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | util-linux 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-2876
|
|
Description:
David Watson has reported a security issue in util-linux, which potentially can be exploited by malicious, local users to gain escalated privileges.
The problem is that non-root users can call umount with the "-r" flag on user-mountable volumes. This can be exploited to cause a user-mountable volume to be re-mounted read-only and cause the nosuid, noexec, and nodev flags to be cleared.
This can further be exploited to call a setuid binary on the user-mountable volume.
Successful exploitation requires privileges to unmount a user-mountable file system.
The security issue has been reported in versions 2.8 through 2.12q, 2.13-pre1, and 2.13-pre2.
Solution:
The security issue has been fixed in version 2.12r-pre1 and 2.13-pre3.
Provided and/or discovered by:
David Watson
Changelog:
2005-09-15: Added CVE reference.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
