Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Ubuntu 985-1: mountall vulnerability

    Date08 Sep 2010
    CategoryUbuntu
    70
    Posted ByLinuxSecurity Advisories
    Alasdair MacGregor discovered that mountall created a udev rule filewith world-writable permissions. A local attacker could exploit thisunder certain conditions to cause udev to execute arbitrary commands asthe root user. [More...] 
    ===========================================================
Ubuntu Security Notice USN-985-1         September 08, 2010
mountall vulnerability
CVE-2010-2961
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  mountall                        2.15.2

In general, a standard system update will make all the necessary changes.

Details follow:

Alasdair MacGregor discovered that mountall created a udev rule file
with world-writable permissions. A local attacker could exploit this
under certain conditions to cause udev to execute arbitrary commands as
the root user.


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2.dsc
      Size/MD5:      972 92e488f0e51ab3c20ddf537fdc92fd24
    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2.tar.gz
      Size/MD5:   564582 036e6a108a9bc0c2155a7226ad5437c3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2_amd64.deb
      Size/MD5:    56016 76dc051afb8a20077f0c0b709369d6c0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2_i386.deb
      Size/MD5:    52384 42ebb3fa3f81ed1a08270d48a8f6b367

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/m/mountall/mountall_2.15.2_powerpc.deb
      Size/MD5:    55780 cf51c1268b9b188150f9d2131882d8bb

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/m/mountall/mountall_2.15.2_sparc.deb
      Size/MD5:    56758 276c85acaf4feaa54c53615f0a572b8b

    Subscribe to Newsletter

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    OpenBSD devs patch authentication bypass bug
    OpenBSD devs patch authentication bypass bug
    New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
    New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
    Canonical Patches Intel Microcode Regression on Ubuntu PCs with Skylake CPUs
    Canonical Patches Intel Microcode Regression on Ubuntu PCs with Skylake CPUs
    Red Hat Enterprise Linux 7 and CentOS 7 Receive Important Kernel Security Update
    Red Hat Enterprise Linux 7 and CentOS 7 Receive Important Kernel Security Update
    You are not authorised to post comments.

    Comments powered by CComment

    Advisories

    Debian: DSA-4579-1: nss security update
    Date06 Dec 2019 @ 11:54
    Mageia 2019-0372: graphicsmagick security update
    Date06 Dec 2019 @ 05:16
    Mageia 2019-0371: sysstat security update
    Date06 Dec 2019 @ 05:16
    Mageia 2019-0370: python-psutil security update
    Date06 Dec 2019 @ 05:16

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"64","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.39,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.46,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More