A bug was found in the way the umount command is executed by normal users.
It may be possible for a user to gain elevated privileges if the user is able to execute the "umount -r" command on a mounted file system. The file system will be re-mounted only with the "readonly" flag set, clearing flags such as "nosuid" and "noexec".
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2876 to this issue.
All users of util-linux and mount should upgrade to these updated packages, which contain a backported patch to correct this issue.
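The symptom described above can be looked for on a running system by comparing the options requested in /etc/fstab with the live options in /proc/mounts. The shell function below is an added example, not part of the original advisory or of the util-linux patch; the names dropped_flags and sample_check and the sample entries are constructed for illustration.

```shell
# Report mount points whose live options lack a restriction that fstab requests.
# usage: dropped_flags FSTAB MOUNTS   (e.g. /etc/fstab /proc/mounts)
dropped_flags() {
    awk -v fstab="$1" '
    # Fill set[] with the restrictive flags an fstab option string requests.
    function want(opts, set,    n, i, o) {
        split("", set)
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            # mount(8): user/users imply noexec,nosuid,nodev unless a
            # later option overrides them, so process options in order.
            if (o[i] == "user" || o[i] == "users")
                set["noexec"] = set["nosuid"] = set["nodev"] = 1
            else if (o[i] ~ /^no(exec|suid|dev)$/) set[o[i]] = 1
            else if (o[i] ~ /^(exec|suid|dev)$/) delete set["no" o[i]]
        }
    }
    BEGIN {
        split("nosuid noexec nodev", flag, " ")
        while ((getline line < fstab) > 0) {
            if (line ~ /^[ \t]*(#|$)/) continue
            if (split(line, f, " ") >= 4) expected[f[2]] = f[4]
        }
    }
    ($2 in expected) {
        want(expected[$2], w)
        split("", have); n = split($4, o, ",")
        for (i = 1; i <= n; i++) have[o[i]] = 1
        miss = ""
        for (i = 1; i <= 3; i++)
            if ((flag[i] in w) && !(flag[i] in have))
                miss = miss (miss == "" ? "" : ",") flag[i]
        if (miss != "") print $2, miss
    }' "$2"
}

# Constructed sample: a user-mountable floppy left read-only with its
# restrictions gone, and a CD-ROM that still carries them.
sample_check() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed fstab' \
        '/dev/fd0   /mnt/floppy auto    noauto,user    0 0' \
        '/dev/cdrom /mnt/cdrom  iso9660 noauto,user,ro 0 0' > "$d/fstab"
    printf '%s\n' '/dev/fd0 /mnt/floppy vfat ro 0 0' \
        '/dev/cdrom /mnt/cdrom iso9660 ro,nosuid,nodev,noexec 0 0' > "$d/mounts"
    dropped_flags "$d/fstab" "$d/mounts"
    rm -rf "$d"
}
```

On a real system, call it as `dropped_flags /etc/fstab /proc/mounts`. A file system that an administrator mounted by hand with different options is reported as well, so each hit needs a look before it is treated as this issue.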
--------------------------------------------------------------------------
Red Hat Linux 7.3:
SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/util-linux-2.11n-12.7.3.2.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/mount-2.11n-12.7.3.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/util-linux-2.11n-12.7.3.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/losetup-2.11n-12.7.3.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/util-linux-2.11y-9.2.legacy.src.rpm
i386: http://download.fedoralegacy.org/redhat/9/updates/i386/mount-2.11y-9.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/util-linux-2.11y-9.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/losetup-2.11y-9.2.legacy.i386.rpm
Fedora Core 1:
SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/util-linux-2.11y-29.2.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/1/updates/i386/mount-2.11y-29.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/util-linux-2.11y-29.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/losetup-2.11y-29.2.legacy.i386.rpm
Fedora Core 2:
SRPM: http://download.fedoralegacy.org/fedora/2/updates/SRPMS/util-linux-2.12-19.1.legacy.src.rpm
i386: http://download.fedoralegacy.org/fedora/2/updates/i386/util-linux-2.12-19.1.legacy.i386.rpm
Related link: http://www.fedoralegacy.org/