CVE-2005-2876
CVSS7.2
发布时间 :2005-09-13 19:03:00
修订时间 :2016-10-17 23:31:01
NMCOPS    

[原文]umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.


[CNNVD]Linux umount命令权限提升漏洞(CNNVD-200509-103)

        util-linux包包含各种底层系统工具,用于实现Linux的基本功能。
        umount在处理文件卸载时存在漏洞,本地攻击者可能利用此漏洞获取root用户权限。在加载系统文件时,util-linux包中的mount命令默认下总是设置了nosuid和nodev标记,仅有超级用户或fstab项中的明确设置才能覆盖这个标签。但是,umount命令允许用户使用-r选项删除这些标签。在系统繁忙无法完全卸载文件系统时(如进程的当前目录),-r选项会要求umount只读重新加载文件系统,但仅以MS_RDONLY ("ro")标签重新加载,这样就清除了所有其他标签,包括nosuid和nodev。成功利用这个漏洞的攻击者可以使用-r选项强制不安全的重新加载,获得root权限。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:andries_brouwer:util-linux:2.10p
cpe:/a:andries_brouwer:util-linux:2.12q
cpe:/a:andries_brouwer:util-linux:2.12p
cpe:/a:andries_brouwer:util-linux:2.10m
cpe:/a:andries_brouwer:util-linux:2.12o
cpe:/a:andries_brouwer:util-linux:2.13_pre2
cpe:/a:andries_brouwer:util-linux:2.9i
cpe:/a:andries_brouwer:util-linux:2.10f
cpe:/a:andries_brouwer:util-linux:2.8_12
cpe:/a:andries_brouwer:util-linux:2.12b
cpe:/a:andries_brouwer:util-linux:2.12a
cpe:/a:andries_brouwer:util-linux:2.11r
cpe:/a:andries_brouwer:util-linux:2.11w
cpe:/a:andries_brouwer:util-linux:2.9w
cpe:/a:andries_brouwer:util-linux:2.13_pre1
cpe:/a:andries_brouwer:util-linux:2.11q
cpe:/a:andries_brouwer:util-linux:2.12k
cpe:/a:andries_brouwer:util-linux:2.8.1_alpha
cpe:/a:andries_brouwer:util-linux:2.11n
cpe:/a:andries_brouwer:util-linux:2.12j
cpe:/a:andries_brouwer:util-linux:2.12i
cpe:/a:andries_brouwer:util-linux:2.11f
cpe:/a:andries_brouwer:util-linux:2.11z
cpe:/a:andries_brouwer:util-linux:2.11y
cpe:/a:andries_brouwer:util-linux:2.11x

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:10921umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount perm...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2876
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2876
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-103
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=112656096125857&w=2
(UNKNOWN)  BUGTRAQ  20050912 util-linux: unintentional grant of privileges by umount
http://marc.info/?l=bugtraq&m=112690609622266&w=2
(UNKNOWN)  TRUSTIX  2005-0049
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
(UNKNOWN)  SUNALERT  101960
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
(UNKNOWN)  MISC  http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
http://www.debian.org/security/2005/dsa-823
(UNKNOWN)  DEBIAN  DSA-823
http://www.debian.org/security/2005/dsa-825
(UNKNOWN)  DEBIAN  DSA-825
http://www.novell.com/linux/security/advisories/2005_21_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:021
http://www.securityfocus.com/archive/1/archive/1/419774/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:168326
http://www.securityfocus.com/bid/14816
(UNKNOWN)  BID  14816
http://www.ubuntu.com/usn/usn-184-1
(UNKNOWN)  UBUNTU  USN-184
http://xforce.iss.net/xforce/xfdb/22241
(UNKNOWN)  XF  utillinux-umount-gain-privileges(22241)

- 漏洞信息

Linux umount命令权限提升漏洞
高危 设计错误
2005-09-13 00:00:00 2005-10-20 00:00:00
本地  
        util-linux包包含各种底层系统工具,用于实现Linux的基本功能。
        umount在处理文件卸载时存在漏洞,本地攻击者可能利用此漏洞获取root用户权限。在加载系统文件时,util-linux包中的mount命令默认下总是设置了nosuid和nodev标记,仅有超级用户或fstab项中的明确设置才能覆盖这个标签。但是,umount命令允许用户使用-r选项删除这些标签。在系统繁忙无法完全卸载文件系统时(如进程的当前目录),-r选项会要求umount只读重新加载文件系统,但仅以MS_RDONLY ("ro")标签重新加载,这样就清除了所有其他标签,包括nosuid和nodev。成功利用这个漏洞的攻击者可以使用-r选项强制不安全的重新加载,获得root权限。

- 公告与补丁

        暂无数据

- 漏洞信息 (F40360)

Debian Linux Security Advisory 825-1 (PacketStormID:F40360)
2005-10-04 00:00:00
Debian  security.debian.org
advisory,local
linux,debian
CVE-2005-2876
[点击下载]

Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 825-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : loop-aes-utils
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE ID         : CAN-2005-2876

David Watson discoverd a bug in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.

The old stable distribution (woody) does not contain loop-aes-utils
packages.

For the stable distribution (sarge) this problem has been fixed in
version 2.12p-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.12p-9.

We recommend that you upgrade your loop-aes-utils package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1.dsc
      Size/MD5 checksum:      684 e708365ea3b674ef3983edda999d8070
    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1.diff.gz
      Size/MD5 checksum:    69614 f085322d67f1300c914910c1ca1fd95f
    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p.orig.tar.gz
      Size/MD5 checksum:  2001658 d47e820f6880c21c8b4c0c7e8a7376cc

  Alpha architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:   169938 66c4a72d906d1e55965165e3b6f49689

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:   150498 9d6d3455ac704fa38601a2a1670d9f2a

  ARM architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:   142030 c7c7fc0cb178d9b9878d936f0a8426e3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:   142250 de42b52353becd80ee61922a1b21486a

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:   190858 ede8efa9e792c2e8e05ddc08b1570670

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:   156618 d326b2462c0f9abd2278e0ea4c809183

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:   132244 de86a9f8f29f23ea7d2b8ee896844ba6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:   159556 f37ed88ed75765546aba0ae13e2f80ab

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:   160092 2a89a577a2edec9920050650b7e96484

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:   155064 64bb3aff51cdff0a0bc6851e9aed2ddd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:   153226 9a4bb20c30f7cf5127c0c5ec6f0862e8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:   142068 15cb6e8097a22a66e77ff7fd0aebbe76


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDPBLQW5ql+IAeqTIRAocaAJ9uYRaYapfbtBZc5uVx4ww0hgXMuQCfZFaO
XZXXtv1M+fsHSHpa6WVtzKI=
=AR9C
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F40358)

Debian Linux Security Advisory 823-1 (PacketStormID:F40358)
2005-10-04 00:00:00
Debian  security.debian.org
advisory,local
linux,debian
CVE-2005-2876
[点击下载]

Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 823-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 29th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : util-linux
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE ID         : CAN-2005-2876
Debian Bug     : 328141 329063

David Watson discoverd a bug in mount as provided by util-linux and
other packages such as loop-aes-utils that allows local users to
bypass filesystem access restrictions by re-mounting it read-only.

For the old stable distribution (woody) this problem has been fixed in
version 2.11n-7woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.12p-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.12p-8.

We recommend that you upgrade your loop-aes-utils package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.dsc
      Size/MD5 checksum:      641 fce635015061f5d46813f8592a40d4c6
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.diff.gz
      Size/MD5 checksum:    50075 cf65f5247eb2804b2a50f9194e68cb90
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n.orig.tar.gz
      Size/MD5 checksum:  1442534 8abef2ae7e95177f5253ed4535e074c1

  Architecture independent components:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.11n-7woody1_all.deb
      Size/MD5 checksum:   650386 a4be44b838e54364ddf1f173221744f5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_alpha.deb
      Size/MD5 checksum:    42090 47783226e3c34c116eb07b37d1210d1c
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_alpha.deb
      Size/MD5 checksum:   125614 5ded5ce9534da343bc1f2d1932b1dad2
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_alpha.deb
      Size/MD5 checksum:   389870 25f9bbe360817774d353ff4b0867c1d3

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_arm.deb
      Size/MD5 checksum:    38952 d27109fd1a530f9645abc7a49782d2a3
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_arm.deb
      Size/MD5 checksum:    99214 9c97a96648eb0e2de9807ed6ebf28273
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_arm.deb
      Size/MD5 checksum:   336014 b0a323657cbac6753dbfb2f8702f97e3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_i386.deb
      Size/MD5 checksum:    39666 6ad1c919266183bc2d9b72900dcacd32
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_i386.deb
      Size/MD5 checksum:    99486 7c46ddd1c0344fef3b1bdb73b49479d6
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_i386.deb
      Size/MD5 checksum:   330128 d6e5c87bb8e250d6fb25c42ea4bcabd4

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_ia64.deb
      Size/MD5 checksum:    44814 ccd30f34220f611839f6af3804994f35
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_ia64.deb
      Size/MD5 checksum:   141200 2665d0a3d0c4e4c44379cf72f6da820e
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_ia64.deb
      Size/MD5 checksum:   450054 fd182f5abb1f7e5e8e0e7b2c9b7063b8

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_hppa.deb
      Size/MD5 checksum:    40848 6ac5aeb7c1f65b14668cf2f25b33dea2
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_hppa.deb
      Size/MD5 checksum:   114886 74597c0f5942039cf0adbc3c6b5fa34d
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_hppa.deb
      Size/MD5 checksum:   367094 4933cae4c4cb1e01ced24d52f3e9b2b0

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_m68k.deb
      Size/MD5 checksum:    39170 62f8cac276d09b134c0a62c42563ab51
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_m68k.deb
      Size/MD5 checksum:    96928 51eb3ba6a32e35ee5e7db83eec7436bf
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_m68k.deb
      Size/MD5 checksum:   203656 937a79d72ea795195c6b761a5aea7bb6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mips.deb
      Size/MD5 checksum:    39846 94fa3b3bf56f6d63066603acbbcc3d43
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mips.deb
      Size/MD5 checksum:   112544 8493e3d4ee5ac8037a51f30baf2e197b
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mips.deb
      Size/MD5 checksum:   348288 d1f62cda038b511e5df00f7850fecd94

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mipsel.deb
      Size/MD5 checksum:    39706 508586755e53ed64c3aa32455b0f0b6c
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mipsel.deb
      Size/MD5 checksum:   112684 2e7fd13c29633ce39676f63932b0fc8d
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mipsel.deb
      Size/MD5 checksum:   347824 c6244afdec75eb663065aa13fa7bdeda

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_powerpc.deb
      Size/MD5 checksum:    39288 96bec0efd657e08892a27c10e2aeb33f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_powerpc.deb
      Size/MD5 checksum:   102562 2a5d7040ab0372bdfbeeacabcd3f6b8b
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_powerpc.deb
      Size/MD5 checksum:   339450 0046286fb461e613f10e51f29980abb3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_s390.deb
      Size/MD5 checksum:    40426 b8bbe428e0dcab555753d427112afab6
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_s390.deb
      Size/MD5 checksum:   106674 62cf3121f0096637cfad9f0b6f42c750
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_s390.deb
      Size/MD5 checksum:   190018 9130482d45c4d70d75729c75fce92daa

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_sparc.deb
      Size/MD5 checksum:    46030 8ff343a6e95a5b3f1894b849c328da2e
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_sparc.deb
      Size/MD5 checksum:   113674 744e3c6ebe8ce757f9f8fe6947a9db4a
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_sparc.deb
      Size/MD5 checksum:   273234 bb59545a02d0b7570fb34a4fd12b2c68


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.dsc
      Size/MD5 checksum:      712 9341316ba59e695a6bc89cd9ecda5f65
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.diff.gz
      Size/MD5 checksum:    73184 777c64bed4a63496ec05456ccf234bcd
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
      Size/MD5 checksum:  2001658 d47e820f6880c21c8b4c0c7e8a7376cc

  Architecture independent components:

    http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge1_all.deb
      Size/MD5 checksum:  1078722 5f5e4513c74e6cb5262b4ac976881eb0

  Alpha architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:    68950 bb19eb9abe0bc1277e3dd2313b8f4153
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:   159648 f1636230b6f4523f80edc78aa57ba2aa
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_alpha.deb
      Size/MD5 checksum:   439592 cdaad3d4d275315f03bd304c9d414faf

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:    67222 26b68625dda4c3736124a14543347ebd
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:   146038 b8f5b355beb87bc3637861fc526c6d85
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_amd64.deb
      Size/MD5 checksum:   400974 361df6632f69bac77bf290f5ab9a0f71

  ARM architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:    65290 4efd973f621a30865f70cfcbb70473df
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:   136262 018f40934ba15fb5e20a0c625f8eb9b9
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_arm.deb
      Size/MD5 checksum:   386952 cdb739cf88a719d3f74b2519f7ed8abc

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:    65606 8339484e18bf9d4e491c73bc2a9b6a76
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:   139460 544996c905c84f9cdaef5bc4d0eefb10
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_i386.deb
      Size/MD5 checksum:   378306 93e989d714a489a8d5ddee64b33c6e90

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:    71536 a088766c3e795b062a612dc6d72a5c70
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:   173796 5b3790cc40b6e8d1663d6deef0ccab1c
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_ia64.deb
      Size/MD5 checksum:   507240 c5145ec21236d9070a7a6336a980a89e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:    67900 20a19565eb92558559c0adf23c4c2d0f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:   149158 29252ec2808c4d83e2479a33f11ae1a8
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_hppa.deb
      Size/MD5 checksum:   423080 322a7f09ca9f9a237413dc773569c012

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:    65550 7596fb004730584bffca201e249ab649
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:   129726 6feecfc0d82581bc412ee9a438e1a29e
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_m68k.deb
      Size/MD5 checksum:   242620 60cccf944698d0a8745374e235289604

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:    71096 027aa05d9700dd5af662b781dcd9775b
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:   149458 eeaf4aa326ae1b7564b2dda793734068
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mips.deb
      Size/MD5 checksum:   453900 69552406024cc032c557c524e783582f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:    71010 2326040662acc0699d767bae3bebd39f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:   150020 1e48ae6712dce580678651ec91663e8b
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mipsel.deb
      Size/MD5 checksum:   453972 e533c8ac5d80dbe2b7c70daf18085af7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:    65978 05e9556e5750e669bec851420ab8f33f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:   147196 41bf9664a9d41b42feb3ecad65d301ed
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_powerpc.deb
      Size/MD5 checksum:   406370 1c2d8185c20990c83c17167520a069a5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:    67110 6e0c2effc303c52f8ee6af6c2000d474
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:   145748 11b35f1e0d8195a764ce017c2b1dc219
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_s390.deb
      Size/MD5 checksum:   379132 b389239d7f14c30cd020254975ae9b7e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:    65416 57c00592da329cec3c1ebdc1630a671f
    http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:   138136 12581a557519b123e3177e37877e2b0f
    http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_sparc.deb
      Size/MD5 checksum:   274442 5f93b33ea1f6372e244c3c8dcc95a062


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDO5m0W5ql+IAeqTIRAkQJAJ9997RfpHBmsBwC/ywZTXTWE90PegCghMJH
Ky+REN/gU3d8WH435DPPhLk=
=eDV/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F40200)

Gentoo Linux Security Advisory 200509-15 (PacketStormID:F40200)
2005-09-23 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2876
[点击下载]

Gentoo Linux Security Advisory GLSA 200509-15 - When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem with the '-r' option, the read-only bit is set, while other bits, such as nosuid or nodev, are not set, even if they were previously. Versions less than 2.12q-r3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200509-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: util-linux: umount command validation error
      Date: September 20, 2005
      Bugs: #105805
        ID: 200509-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A command validation error in umount can lead to an escalation of
privileges.

Background
==========

util-linux is a suite of useful Linux programs including umount, a
program used to unmount filesystems.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  sys-apps/util-linux     < 2.12q-r3                    >= 2.12q-r3

Description
===========

When a regular user mounts a filesystem, they are subject to
restrictions in the /etc/fstab configuration file. David Watson
discovered that when unmounting a filesystem with the '-r' option, the
read-only bit is set, while other bits, such as nosuid or nodev, are
not set, even if they were previously.

Impact
======

An unprivileged user facing nosuid or nodev restrictions can umount -r
a filesystem clearing those bits, allowing applications to be executed
suid, or have device nodes interpreted. In the case where the user can
freely modify the contents of the filesystem, privilege escalation may
occur as a custom program may execute with suid permissions.

Workaround
==========

Two workarounds exist, first, the suid bit can be removed from the
umount utility, or users can be restricted from mounting and unmounting
filesystems in /etc/fstab.

Resolution
==========

All util-linux users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-apps/util-linux-2.12q-r3"

References
==========

  [ 1 ] CAN-2005-2876
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2876

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200509-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- 漏洞信息 (F40172)

Ubuntu Security Notice 184-1 (PacketStormID:F40172)
2005-09-22 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,local,root
linux,ubuntu
CVE-2005-2876
[点击下载]

Ubuntu Security Notice USN-184-1 - David Watson discovered that umount -r removed some restrictive mount options like the nosuid flag. If /etc/fstab contains user-mountable removable devices which specify the nosuid flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling umount -r on a removable device.

===========================================================
Ubuntu Security Notice USN-184-1         September 19, 2005
util-linux vulnerability
CAN-2005-2876
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mount

The problem can be corrected by upgrading the affected package to
version 2.12-7ubuntu6.1 (for Ubuntu 4.10), or 2.12p-2ubuntu2.2 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

David Watson discovered that "umount -r" removed some restrictive
mount options like the "nosuid" flag. If /etc/fstab contains
user-mountable removable devices which specify the "nosuid" flag
(which is common practice for such devices), a local attacker could
exploit this to execute arbitrary programs with root privileges by
calling "umount -r" on a removable device.

This does not affect the default Ubuntu configuration. Since Ubuntu
mounts removable devices automatically, there is normally no need to
configure them manually in /etc/fstab.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12-7ubuntu6.1.diff.gz
      Size/MD5:   109678 0f53c5d6208be9e3cff6aeddc8c425a0
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12-7ubuntu6.1.dsc
      Size/MD5:      684 9eeee328200d97c7061c26f6282a8546
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12.orig.tar.gz
      Size/MD5:  1857871 997adf78b98d9d1c5db4f37ea982acff

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux-locales_2.12-7ubuntu6.1_all.deb
      Size/MD5:  1003200 ed3311f9aa0a7e56c23577d047c319fd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12-7ubuntu6.1_amd64.deb
      Size/MD5:    64334 6882395e415054b701c2e70bdb67ee0e
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.12-7ubuntu6.1_amd64.udeb
      Size/MD5:   482704 f9a48c8a7375e9f8074c065aabdd6838
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12-7ubuntu6.1_amd64.deb
      Size/MD5:   141548 9eb9d95d01f993f448ad7ca939c111f4
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12-7ubuntu6.1_amd64.deb
      Size/MD5:   397282 ff8ef6b3bbd984d6dede6354541aaff7

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12-7ubuntu6.1_i386.deb
      Size/MD5:    62742 f704e179423d77e77af3d00870fe8167
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.12-7ubuntu6.1_i386.udeb
      Size/MD5:   474138 a8ca30bfa696161380b877670c4d9419
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12-7ubuntu6.1_i386.deb
      Size/MD5:   135724 00e352bc778a4dda0f03501c96f747ab
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12-7ubuntu6.1_i386.deb
      Size/MD5:   373882 a66f10929e0ccd92428499e2406e6b50

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12-7ubuntu6.1_powerpc.deb
      Size/MD5:    63050 197f4dcd622e12c1e603a189dcb411d3
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.12-7ubuntu6.1_powerpc.udeb
      Size/MD5:   487592 196015505a5781c9000686b0e3692d1f
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12-7ubuntu6.1_powerpc.deb
      Size/MD5:   137564 6844adb2e3b7e2688579d08db55a3bb0
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12-7ubuntu6.1_powerpc.deb
      Size/MD5:   399388 35f96a97db999cced0307bd0acb6897f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p-2ubuntu2.1.dsc
      Size/MD5:      718 87d4453343f20f472d6c22f57f8f0024
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p-2ubuntu2.2.diff.gz
      Size/MD5:    74592 09a577be3acfe5951136f6bcb969106b
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p-2ubuntu2.2.dsc
      Size/MD5:      718 d3964d818741de394f6758e9b344d176
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p.orig.tar.gz
      Size/MD5:  2001658 d47e820f6880c21c8b4c0c7e8a7376cc

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux-locales_2.12p-2ubuntu2.2_all.deb
      Size/MD5:  1071916 dc0eceabc84f3d65ce6360fbeb557d2c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12p-2ubuntu2.2_amd64.deb
      Size/MD5:    67510 587db10c31483770140574c96b088bb4
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.12p-2ubuntu2.2_amd64.udeb
      Size/MD5:   550626 9ae6cb429953fc0540c854abaf2e6651
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12p-2ubuntu2.2_amd64.deb
      Size/MD5:   146380 a46a1901f8c9ec9bf9aa677f27bbc79c
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p-2ubuntu2.2_amd64.deb
      Size/MD5:   401386 5ba3eb993cb8ea376d9570405c57730d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12p-2ubuntu2.2_i386.deb
      Size/MD5:    65744 e377676d6d4a1d7442b7eb4c79356dd4
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.12p-2ubuntu2.2_i386.udeb
      Size/MD5:   541066 7045bd2f3ebdec339c4f4fc8d68bc9be
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12p-2ubuntu2.2_i386.deb
      Size/MD5:   140696 c5156a184a4d9fc45a80a3688ef10d89
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p-2ubuntu2.2_i386.deb
      Size/MD5:   377960 ed0dd2a6803e2163aad3d13b15ca46e4

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/bsdutils_2.12p-2ubuntu2.2_powerpc.deb
      Size/MD5:    66254 75c8f28f2d50a2f27bcaf2808d7ae4f7
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/fdisk-udeb_2.12p-2ubuntu2.2_powerpc.udeb
      Size/MD5:   556402 e4a18ea0ff5552fa8c341e077cf87bdc
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/mount_2.12p-2ubuntu2.2_powerpc.deb
      Size/MD5:   147474 d03bf255994b756f8a80485ee28a3460
    http://security.ubuntu.com/ubuntu/pool/main/u/util-linux/util-linux_2.12p-2ubuntu2.2_powerpc.deb
      Size/MD5:   406646 92f63f8884ae854e9f6f7c2f0d9df731
    

- 漏洞信息

19369
util-linux umount -r Mount Option Removal Restriction Bypass

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-09-12 Unknow
2005-09-12 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Util-Linux UMount Remounting Filesystem Option Clearing Vulnerability
Design Error 14816
No Yes
2005-09-12 12:00:00 2006-05-09 09:19:00
David Watson <baikie@ehwhat.freeserve.co.uk> discovered this vulnerability.

- 受影响的程序版本

util-linux util-linux 2.13 -pre2
util-linux util-linux 2.13 -pre1
util-linux util-linux 2.12 q
util-linux util-linux 2.12 p
util-linux util-linux 2.12 a
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ Red Hat Enterprise Linux AS 4
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux WS 4
util-linux util-linux 2.12
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
util-linux util-linux 2.11 z
util-linux util-linux 2.11 u
util-linux util-linux 2.11 r
util-linux util-linux 2.11 n
util-linux util-linux 2.11
util-linux util-linux 2.10
util-linux util-linux 2.9
util-linux util-linux 2.8
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Sun Java Desktop System (JDS) 2.0
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI Advanced Linux Environment 3.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya CVLAN
Andries Brouwer util-linux 2.11 u
+ Mandriva Linux Mandrake 9.0
Andries Brouwer util-linux 2.11 n
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Andries Brouwer util-linux 2.11 l
Andries Brouwer util-linux 2.11 k
+ Red Hat Linux 6.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
Andries Brouwer util-linux 2.11 i
Andries Brouwer util-linux 2.11 h
Andries Brouwer util-linux 2.11 f
- RedHat Linux 7.1
- Trustix Secure Linux 1.5
Andries Brouwer util-linux 2.11 d
Andries Brouwer util-linux 2.10 s
+ Mandriva Linux Mandrake 8.0
- RedHat Linux 7.2 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
util-linux util-linux 2.13 -pre3
util-linux util-linux 2.12 r-pre1

- 不受影响的程序版本

util-linux util-linux 2.13 -pre3
util-linux util-linux 2.12 r-pre1

- 漏洞讨论

Util-linux is susceptible to a filesystem-option-clearing vulnerability. This issue is due to a design flaw that improperly clears mounted-filesystem options in certain circumstances.

This vulnerability allows attackers to clear mounted-filesystem options, allowing them to execute setuid applications to gain elevated privileges. Other attacks are also possible.

- 漏洞利用

An exploit is not required.

- 解决方案


Please see the referenced advisories for further information.


util-linux util-linux 2.11 n

util-linux util-linux 2.11 r

Andries Brouwer util-linux 2.11 u

Andries Brouwer util-linux 2.11 n

util-linux util-linux 2.11

util-linux util-linux 2.11 z

util-linux util-linux 2.12

util-linux util-linux 2.12 a

util-linux util-linux 2.12 q

util-linux util-linux 2.8

util-linux util-linux 2.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站