USN-184-1: umount vulnerability

19 September 2005

util-linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

David Watson discovered that “umount -r” removed some restrictive mount options like the “nosuid” flag. If /etc/fstab contains user-mountable removable devices which specify the “nosuid” flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling “umount -r” on a removable device.

This does not affect the default Ubuntu configuration. Since Ubuntu mounts removable devices automatically, there is normally no need to configure them manually in /etc/fstab.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
mount
Ubuntu 4.10
mount

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References