Ubuntu 985-1: mountall vulnerability

    Date08 Sep 2010
    CategoryUbuntu
    57
    Posted ByLinuxSecurity Advisories
    Alasdair MacGregor discovered that mountall created a udev rule filewith world-writable permissions. A local attacker could exploit thisunder certain conditions to cause udev to execute arbitrary commands asthe root user. [More...]
    ===========================================================
    Ubuntu Security Notice USN-985-1         September 08, 2010
    mountall vulnerability
    CVE-2010-2961
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.04 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.04 LTS:
      mountall                        2.15.2
    
    In general, a standard system update will make all the necessary changes.
    
    Details follow:
    
    Alasdair MacGregor discovered that mountall created a udev rule file
    with world-writable permissions. A local attacker could exploit this
    under certain conditions to cause udev to execute arbitrary commands as
    the root user.
    
    
    Updated packages for Ubuntu 10.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2.dsc
          Size/MD5:      972 92e488f0e51ab3c20ddf537fdc92fd24
        http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2.tar.gz
          Size/MD5:   564582 036e6a108a9bc0c2155a7226ad5437c3
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2_amd64.deb
          Size/MD5:    56016 76dc051afb8a20077f0c0b709369d6c0
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/m/mountall/mountall_2.15.2_i386.deb
          Size/MD5:    52384 42ebb3fa3f81ed1a08270d48a8f6b367
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/m/mountall/mountall_2.15.2_powerpc.deb
          Size/MD5:    55780 cf51c1268b9b188150f9d2131882d8bb
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/m/mountall/mountall_2.15.2_sparc.deb
          Size/MD5:    56758 276c85acaf4feaa54c53615f0a572b8b
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.