USN-533-1: util-linux vulnerability

22 October 2007

util-linux vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

  • util-linux

Details

Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.04
mount - 2.12r-17ubuntu2.1
Ubuntu 6.10
mount - 2.12r-11ubuntu2.1
Ubuntu 6.06 LTS
mount - 2.12r-4ubuntu6.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the necessary changes.

References