Ubuntu Security Notice USN-184-1
19th September, 2005
util-linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
David Watson discovered that "umount -r" removed some restrictive
mount options like the "nosuid" flag. If /etc/fstab contains
user-mountable removable devices which specify the "nosuid" flag
(which is common practice for such devices), a local attacker could
exploit this to execute arbitrary programs with root privileges by
calling "umount -r" on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu
mounts removable devices automatically, there is normally no need to
configure them manually in /etc/fstab.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- mount
- Ubuntu 4.10:
- mount
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None