USN-184-1: umount vulnerability
19 September 2005
util-linux vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Software Description
Details
David Watson discovered that “umount -r” removed some restrictive mount options like the “nosuid” flag. If /etc/fstab contains user-mountable removable devices which specify the “nosuid” flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling “umount -r” on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu mounts removable devices automatically, there is normally no need to configure them manually in /etc/fstab.
Update instructions
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 5.04
- mount
- Ubuntu 4.10
- mount
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.