|
Family: Ubuntu Local Security Checks --> Category: infos
USN184-1 : util-linux vulnerability Vulnerability Scan
Vulnerability Scan Summary util-linux vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- bsdutils
- mount
- util-linux
- util-linux-locales
Description :
David Watson discovered that "umount -r" removed some restrictive
mount options like the "nosuid" flag. If /etc/fstab contains
user-mountable removable devices which specify the "nosuid" flag
(which is common practice for such devices), a local attacker could
exploit this to execute arbitrary programs with root rights by
calling "umount -r" on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu
mounts removable devices automatically, there is normally no need to
configure them manually in /etc/fstab.
Solution :
Upgrade to :
- bsdutils-2.12p-2ubuntu2.2 (Ubuntu 5.04)
- mount-2.12p-2ubuntu2.2 (Ubuntu 5.04)
- util-linux-2.12p-2ubuntu2.2 (Ubuntu 5.04)
- util-linux-locales-2.12p-2ubuntu2.2 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|