ID CVE-2005-2876
Summary umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
References
Vulnerable Configurations
  • cpe:2.3:a:andries_brouwer:util-linux:2.8.1_alpha:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.8.1_alpha:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.8_12:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.8_12:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.9i:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.9i:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.9w:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.9w:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.10f:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.10f:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.10m:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.10m:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.10p:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.10p:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11f:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11f:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11n:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11n:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11q:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11q:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11r:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11r:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11w:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11w:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11x:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11x:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11y:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11y:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.11z:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.11z:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12a:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12a:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12b:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12b:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12i:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12i:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12j:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12j:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12k:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12k:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12o:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12o:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12p:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12p:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.12q:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.12q:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.13_pre1:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.13_pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:andries_brouwer:util-linux:2.13_pre2:*:*:*:*:*:*:*
    cpe:2.3:a:andries_brouwer:util-linux:2.13_pre2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 19-10-2018 - 15:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:09:58.563-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
family unix
id oval:org.mitre.oval:def:10921
status accepted
submitted 2010-07-09T03:56:16-04:00
title umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
version 29
redhat via4
rpms
  • losetup-0:2.11y-31.11
  • mount-0:2.11y-31.11
  • util-linux-0:2.11y-31.11
  • util-linux-0:2.12a-16.EL4.12
  • util-linux-debuginfo-0:2.11y-31.11
  • util-linux-debuginfo-0:2.12a-16.EL4.12
refmap via4
bid 14816
bugtraq 20050912 util-linux: unintentional grant of privileges by umount
debian
  • DSA-823
  • DSA-825
fedora FLSA:168326
misc http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
osvdb 19369
secunia
  • 16785
  • 16988
  • 17004
  • 17027
  • 17133
  • 17154
  • 18502
sunalert 101960
suse SUSE-SR:2005:021
trustix 2005-0049
ubuntu USN-184
xf utillinux-umount-gain-privileges(22241)
Last major update 19-10-2018 - 15:34
Published 13-09-2005 - 23:03
Last modified 19-10-2018 - 15:34
Back to Top