MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability
Posted on: 09/20/2005 09:12 PM

The Mandriva Security Team published a new security update: MDKSA-2005:167 - Updated util-linux packages fix umount vulnerability for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: util-linux
Advisory ID: MDKSA-2005:167
Date: September 20th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

David Watson disovered that the umount utility, when using the "-r"
cpmmand, could remove some restrictive mount options such as "nosuid".
IF /etc/fstab contained user-mountable removable devices that specified
nosuid, a local attacker could exploit this flaw to execute arbitrary
programs with root privileges by calling "umount -r" on a removable
device.

The updated packages have been patched to ensure that "-r" can only
be called by the root user.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameƊN-2005-2876
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
e28c42b0a18bf906ea339ffeb02d3320 10.0/RPMS/losetup-2.12-2.1.100mdk.i586.rpm
6dd9d97f688ab7b872dba55b9c427935 10.0/RPMS/mount-2.12-2.1.100mdk.i586.rpm
b23bbbec6f75fbe1f2137f1335f782f9 10.0/RPMS/util-linux-2.12-2.1.100mdk.i586.rpm
0c84336fe4e647fe4b35686e6e938a8f 10.0/SRPMS/util-linux-2.12-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
1c972124af9eba5acc9691931e5629c8 amd64/10.0/RPMS/losetup-2.12-2.1.100mdk.amd64.rpm
2a0367d603f4c8e893e7f0ec158132e5 amd64/10.0/RPMS/mount-2.12-2.1.100mdk.amd64.rpm
4fe57def6145640a886feb35deb77a6d amd64/10.0/RPMS/util-linux-2.12-2.1.100mdk.amd64.rpm
0c84336fe4e647fe4b35686e6e938a8f amd64/10.0/SRPMS/util-linux-2.12-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
658b5ee36c137e2533397ac71aa86e0e 10.1/RPMS/losetup-2.12a-5.1.101mdk.i586.rpm
b15ae4dbd367fcd46e38d418bb3d1a86 10.1/RPMS/mount-2.12a-5.1.101mdk.i586.rpm
701b35a4588f4ce5879b651724f72a1d 10.1/RPMS/util-linux-2.12a-5.1.101mdk.i586.rpm
f1bbf1462e0f0987ce110388bd2e8d48 10.1/SRPMS/util-linux-2.12a-5.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
fbd4672670283fd495a652d0338467d4 x86_64/10.1/RPMS/losetup-2.12a-5.1.101mdk.x86_64.rpm
b1773a98c38538db35e2c4fd8aa5e100 x86_64/10.1/RPMS/mount-2.12a-5.1.101mdk.x86_64.rpm
8a4e15cdaaa7efe10c7830a9cda27523 x86_64/10.1/RPMS/util-linux-2.12a-5.1.101mdk.x86_64.rpm
f1bbf1462e0f0987ce110388bd2e8d48 x86_64/10.1/SRPMS/util-linux-2.12a-5.1.101mdk.src.rpm

Mandrakelinux 10.2:
8314ea4ec99e8e603fb2da6941aae1d9 10.2/RPMS/losetup-2.12a-12.1.102mdk.i586.rpm
2a8a83e0e36295db943fc51a4aee863f 10.2/RPMS/mount-2.12a-12.1.102mdk.i586.rpm
01a4abab8ec329a29cf2310d8ee006d9 10.2/RPMS/util-linux-2.12a-12.1.102mdk.i586.rpm
2bedcdeed443ed6438f290dff54038b5 10.2/SRPMS/util-linux-2.12a-12.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
73e23481f84309a90b99394468885e20 x86_64/10.2/RPMS/losetup-2.12a-12.1.102mdk.x86_64.rpm
8dc01cc71d8b32fbba41d1936c861534 x86_64/10.2/RPMS/mount-2.12a-12.1.102mdk.x86_64.rpm
441ce68e9e3b07c807bb5486adde1903 x86_64/10.2/RPMS/util-linux-2.12a-12.1.102mdk.x86_64.rpm
2bedcdeed443ed6438f290dff54038b5 x86_64/10.2/SRPMS/util-linux-2.12a-12.1.102mdk.src.rpm

Multi Network Firewall 2.0:
765b0e93637cce9d5b623a81bdc81e6e mnf/2.0/RPMS/losetup-2.12-2.1.M20mdk.i586.rpm
782d8a37c484ab76ae766dddcce2173e mnf/2.0/RPMS/mount-2.12-2.1.M20mdk.i586.rpm
d6f35d4ccdb1cb9dcd21218ca5d6da72 mnf/2.0/RPMS/util-linux-2.12-2.1.M20mdk.i586.rpm
360a0c2f0e8d383b09a7eb44d1e654a2 mnf/2.0/SRPMS/util-linux-2.12-2.1.M20mdk.src.rpm

Corporate Server 2.1:
d560b7038ca8ae848b24414858fac1ef corporate/2.1/RPMS/losetup-2.11u-5.1.C21mdk.i586.rpm
81bf701d8b8129c0809c37205d4fbad0 corporate/2.1/RPMS/mount-2.11u-5.1.C21mdk.i586.rpm
321463758b000a1e7348111f7bea2959 corporate/2.1/RPMS/util-linux-2.11u-5.1.C21mdk.i586.rpm
b1d2f438863cd5c807548ec4209b0179 corporate/2.1/SRPMS/util-linux-2.11u-5.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
141b7b38947d1fd2ef4088ba20e093f1 x86_64/corporate/2.1/RPMS/losetup-2.11u-5.1.C21mdk.x86_64.rpm
ddb3ee3ebe56b399ff881806f9cd8832 x86_64/corporate/2.1/RPMS/mount-2.11u-5.1.C21mdk.x86_64.rpm
a61050516b99231bca46507fa94aa5e8 x86_64/corporate/2.1/RPMS/util-linux-2.11u-5.1.C21mdk.x86_64.rpm
b1d2f438863cd5c807548ec4209b0179 x86_64/corporate/2.1/SRPMS/util-linux-2.11u-5.1.C21mdk.src.rpm

Corporate 3.0:
bbcce593f1b51833383997590a13b834 corporate/3.0/RPMS/losetup-2.12-2.1.C30mdk.i586.rpm
bb38ae724541d9c73ac64d382d4839e8 corporate/3.0/RPMS/mount-2.12-2.1.C30mdk.i586.rpm
55420d5f1fa9c7cc7f6e42f61c0428fc corporate/3.0/RPMS/util-linux-2.12-2.1.C30mdk.i586.rpm
28f6b881c65662695c84ac100ea9d012 corporate/3.0/SRPMS/util-linux-2.12-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
3d96c512a6eaf548bef73c7fc3db5012 x86_64/corporate/3.0/RPMS/losetup-2.12-2.1.C30mdk.x86_64.rpm
21d37d4ebb7943cf412a3bb423808fc5 x86_64/corporate/3.0/RPMS/mount-2.12-2.1.C30mdk.x86_64.rpm
75fa21eea372a790a6f1c3a8a120cb7e x86_64/corporate/3.0/RPMS/util-linux-2.12-2.1.C30mdk.x86_64.rpm
28f6b881c65662695c84ac100ea9d012 x86_64/corporate/3.0/SRPMS/util-linux-2.12-2.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDMMknmqjQ0CJFipgRApl5AJ0V55xXLK1r3ouZPPIUb8A60mkI7wCgtSbn
J05gUpwFuw1ODdAHxOyfYo4=
=smMW
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005167__updated_util_linux_packages__fix_umount_vulnerability.html)