Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Ubuntu 985-1: mountall vulnerability

    Date08 Sep 2010
    CategoryUbuntu
    57
    Posted ByLinuxSecurity Advisories
    Alasdair MacGregor discovered that mountall created a udev rule filewith world-writable permissions. A local attacker could exploit thisunder certain conditions to cause udev to execute arbitrary commands asthe root user. [More...] 
    ===========================================================
Ubuntu Security Notice USN-985-1         September 08, 2010
mountall vulnerability
CVE-2010-2961
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  mountall                        2.15.2

In general, a standard system update will make all the necessary changes.

Details follow:

Alasdair MacGregor discovered that mountall created a udev rule file
with world-writable permissions. A local attacker could exploit this
under certain conditions to cause udev to execute arbitrary commands as
the root user.


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2.dsc
      Size/MD5:      972 92e488f0e51ab3c20ddf537fdc92fd24
    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2.tar.gz
      Size/MD5:   564582 036e6a108a9bc0c2155a7226ad5437c3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2_amd64.deb
      Size/MD5:    56016 76dc051afb8a20077f0c0b709369d6c0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2_i386.deb
      Size/MD5:    52384 42ebb3fa3f81ed1a08270d48a8f6b367

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/m/mountall/mountall_2.15.2_powerpc.deb
      Size/MD5:    55780 cf51c1268b9b188150f9d2131882d8bb

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/m/mountall/mountall_2.15.2_sparc.deb
      Size/MD5:    56758 276c85acaf4feaa54c53615f0a572b8b

    Related News

    Massachusetts: Tell Your Lawmakers to Press Pause on Government Face Surveillance
    Massachusetts: Tell Your Lawmakers to Press Pause on Government Face Surveillance
    New US Privacy Bill Would Intro Jail Time for CEOs
    New US Privacy Bill Would Intro Jail Time for CEOs
    Secret Court Rules That the FBI’s “Backdoor Searches” of Americans Violated the Fourth Amendment
    Secret Court Rules That the FBI’s “Backdoor Searches” of Americans Violated the Fourth Amendment
    Germany's cyber-security agency recommends Firefox as most secure browser
    Germany's cyber-security agency recommends Firefox as most secure browser
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    Debian LTS: DLA-1963-2: poppler regression update
    Date18 Oct 2019 @ 09:44
    SciLinux: SLSA-2019-3055-1 Important: kernel on SL7.x x86_64
    Date18 Oct 2019 @ 04:44
    Debian LTS: DLA-1963-1: poppler security update
    Date18 Oct 2019 @ 00:17
    RedHat: RHSA-2019-3144:01 Important: OpenShift Container Platform 3.11
    Date17 Oct 2019 @ 17:36

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More