Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.
502bf8657d468c1a423a4f4d8abf0a5eb670db058194462e6a9f8aff8500b3f1Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.
4c2adb50c18ff212a796b1305534c68e1462dc347c05728ebb614af1caf57555Gentoo Linux Security Advisory GLSA 200509-15 - When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem with the '-r' option, the read-only bit is set, while other bits, such as nosuid or nodev, are not set, even if they were previously. Versions less than 2.12q-r3 are affected.
599af4ee109fad03088d2205bdbf9e7a5323cb7c6e509d7915913daa0b148e2bUbuntu Security Notice USN-184-1 - David Watson discovered that umount -r removed some restrictive mount options like the nosuid flag. If /etc/fstab contains user-mountable removable devices which specify the nosuid flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling umount -r on a removable device.
be93a78c66efc846eede8be1dc0eb294490e16bd4d9e11002699104671b0e5b1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed