Vulnerabilities > CVE-2005-2876 - Unspecified vulnerability in Andries Brouwer Util-Linux
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-167.NASL description David Watson disovered that the umount utility, when using the last seen 2020-06-01 modified 2020-06-02 plugin id 19922 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19922 title Mandrake Linux Security Advisory : util-linux (MDKSA-2005:167) NASL family Fedora Local Security Checks NASL id FEDORA_2005-887.NASL description - Wed Sep 14 2005 Karel Zak <kzak at redhat.com> 2.12p-9.11 - fix #168207 - CVE-2005-2876 umount unsafe -r usage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19738 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19738 title Fedora Core 4 : util-linux-2.12p-9.11 (2005-887) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-782.NASL description Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The mount package contains the mount, umount, swapon and swapoff programs. A bug was found in the way the umount command is executed by normal users. It may be possible for a user to gain elevated privileges if the user is able to execute the last seen 2020-06-01 modified 2020-06-02 plugin id 20048 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20048 title RHEL 2.1 / 3 / 4 : util-linux and mount (RHSA-2005:782) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-825.NASL description David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only. last seen 2020-06-01 modified 2020-06-02 plugin id 19794 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19794 title Debian DSA-825-1 : loop-aes-utils - privilege escalation NASL family Debian Local Security Checks NASL id DEBIAN_DSA-823.NASL description David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only. last seen 2020-06-01 modified 2020-06-02 plugin id 19792 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19792 title Debian DSA-823-1 : util-linux - privilege escalation NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200509-15.NASL description The remote host is affected by the vulnerability described in GLSA-200509-15 (util-linux: umount command validation error) When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem with the last seen 2020-06-01 modified 2020-06-02 plugin id 19814 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19814 title GLSA-200509-15 : util-linux: umount command validation error NASL family Fedora Local Security Checks NASL id FEDORA_2005-886.NASL description - Wed Sep 14 2005 Karel Zak <kzak at redhat.com> 2.12a-24.5 - fix #168207 - CVE-2005-2876 umount unsafe -r usage Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19737 published 2005-09-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19737 title Fedora Core 3 : util-linux-2.12a-24.5 (2005-886) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-184-1.NASL description David Watson discovered that last seen 2020-06-01 modified 2020-06-02 plugin id 20595 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20595 title Ubuntu 4.10 / 5.04 : util-linux vulnerability (USN-184-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-782.NASL description Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The mount package contains the mount, umount, swapon and swapoff programs. A bug was found in the way the umount command is executed by normal users. It may be possible for a user to gain elevated privileges if the user is able to execute the last seen 2020-06-01 modified 2020-06-02 plugin id 21858 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21858 title CentOS 3 / 4 : util-linux / mount (CESA-2005:782)
Oval
| accepted | 2013-04-29T04:09:58.563-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:10921 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. | ||||||||||||||||||||
| version | 26 |
Redhat
| rpms |
|
References
- http://marc.info/?l=bugtraq&m=112656096125857&w=2
- http://marc.info/?l=bugtraq&m=112690609622266&w=2
- http://secunia.com/advisories/16785
- http://secunia.com/advisories/16988
- http://secunia.com/advisories/17004
- http://secunia.com/advisories/17027
- http://secunia.com/advisories/17133
- http://secunia.com/advisories/17154
- http://secunia.com/advisories/18502
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
- http://www.debian.org/security/2005/dsa-823
- http://www.debian.org/security/2005/dsa-825
- http://www.novell.com/linux/security/advisories/2005_21_sr.html
- http://www.osvdb.org/19369
- http://www.securityfocus.com/archive/1/419774/100/0/threaded
- http://www.securityfocus.com/bid/14816
- http://www.ubuntu.com/usn/usn-184-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22241
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921