Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Slackware: 2005-255-02 Critical: Util-Linux Umount Escalation

slackware
Calendar Grey September 13, 2005
Dist Slackware Esm H88
Updated util-linux distributions address umount security vulnerabilities in Slackware environments. Safeguard your system integrity now!
New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount

Summary

Here are the details from the Slackware 10.1 ChangeLog: patches/packages/util-linux-2.12p-i486-2.tgz: Patched an issue with umount where if the umount failed when the '-r' option was used, the filesystem would be remounted read-only but without any extra flags specified in /etc/fstab. This could allow an ordinary user able to mount a floppy or CD (but with nosuid, noexec, nodev, etc in /etc/fstab) to run a setuid binary from removable media and gain root privileges. Reported to BugTraq by David Watson: (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical privilege escalation slackware umount

Where Find New Packages

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/util-linux-2.11r-i386-3.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/util-linux-2.11z-i386-2.tgz
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/util-linux-2.12-i486-2.tgz
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/util-linux-2.12a-i486-2.tgz
Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/util-linux-2.12p-i486-2.tgz
Updated package for Slackware -current:

MD5 Signatures

Slackware 8.1 package: 3b3025faf0a40428f2861fa2967c13d3 util-linux-2.11r-i386-3.tgz
Slackware 9.0 package: 41b08961548899ca10fa93d16a7ab516 util-linux-2.11z-i386-2.tgz
Slackware 9.1 package: 4890b834bac6d7490c1daf5bc7bbff55 util-linux-2.12-i486-2.tgz
Slackware 10.0 package: 3e628cf4d6db843a1dd63e2fa7f3aba1 util-linux-2.12a-i486-2.tgz
Slackware 10.1 package: 01722ab0146969c6cde9f99698864606 util-linux-2.12p-i486-2.tgz
Slackware -current package: 21e318a9f04dc6588916945713312bf3 util-linux-2.12p-i486-2.tgz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical privilege escalation slackware umount

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg util-linux-2.12p-i486-2.tgz

Related News

Your message here