CVE-2005-2876

Description

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.

Affected products

• andries_brouwer / util-linux2.8.1_alpha – 2.8.1_alpha
• andries_brouwer / util-linux2.8_12 – 2.8_12
• andries_brouwer / util-linux2.9i – 2.9i
• andries_brouwer / util-linux2.9w – 2.9w
• andries_brouwer / util-linux2.10f – 2.10f
• andries_brouwer / util-linux2.10m – 2.10m
• andries_brouwer / util-linux2.10p – 2.10p
• andries_brouwer / util-linux2.11f – 2.11f
• andries_brouwer / util-linux2.11n – 2.11n
• andries_brouwer / util-linux2.11q – 2.11q
• andries_brouwer / util-linux2.11r – 2.11r
• andries_brouwer / util-linux2.11w – 2.11w
• andries_brouwer / util-linux2.11x – 2.11x
• andries_brouwer / util-linux2.11y – 2.11y
• andries_brouwer / util-linux2.11z – 2.11z
• andries_brouwer / util-linux2.12a – 2.12a
• andries_brouwer / util-linux2.12b – 2.12b
• andries_brouwer / util-linux2.12i – 2.12i
• andries_brouwer / util-linux2.12j – 2.12j
• andries_brouwer / util-linux2.12k – 2.12k
• andries_brouwer / util-linux2.12o – 2.12o
• andries_brouwer / util-linux2.12p – 2.12p
• andries_brouwer / util-linux2.12q – 2.12q
• andries_brouwer / util-linux2.13_pre1 – 2.13_pre1
• andries_brouwer / util-linux2.13_pre2 – 2.13_pre2

References

• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/17133
• MISChttp://www.securityfocus.com/archive/1/419774/100/0/threaded
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/22241
• MISChttp://www.osvdb.org/19369
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-823
• VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/2005_21_sr.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/16785
• MAILING_LISThttp://marc.info/?l=bugtraq&m=112690609622266&w=2
• VENDOR_ADVISORYhttp://secunia.com/advisories/16988
• VENDOR_ADVISORYhttp://www.debian.org/security/2005/dsa-825
• VENDOR_ADVISORYhttp://secunia.com/advisories/17154
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-184-1
• MISChttp://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
• VENDOR_ADVISORYhttp://secunia.com/advisories/18502
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921
• VENDOR_ADVISORYhttp://secunia.com/advisories/17027
• MAILING_LISThttp://marc.info/?l=bugtraq&m=112656096125857&w=2
• VENDOR_ADVISORYhttp://secunia.com/advisories/17004
• MISChttp://www.securityfocus.com/bid/14816