Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:167 (util-linux)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55389

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:167 (util-linux)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to util-linux
announced via advisory MDKSA-2005:167.

David Watson disovered that the umount utility, when using the -r
cpmmand, could remove some restrictive mount options such as nosuid.
IF /etc/fstab contained user-mountable removable devices that specified
nosuid, a local attacker could exploit this flaw to execute arbitrary
programs with root privileges by calling umount -r on a removable
device.

The updated packages have been patched to ensure that -r can only
be called by the root user.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,

Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:167

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 14816
Common Vulnerability Exposure (CVE) ID: CVE-2005-2876
101960
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
14816
http://www.securityfocus.com/bid/14816
16785
http://secunia.com/advisories/16785
16988
http://secunia.com/advisories/16988
17004
http://secunia.com/advisories/17004
17027
http://secunia.com/advisories/17027
17133
http://secunia.com/advisories/17133
17154
http://secunia.com/advisories/17154
18502
http://secunia.com/advisories/18502
19369
http://www.osvdb.org/19369
2005-0049
http://marc.info/?l=bugtraq&m=112690609622266&w=2
20050912 util-linux: unintentional grant of privileges by umount
http://marc.info/?l=bugtraq&m=112656096125857&w=2
DSA-823
http://www.debian.org/security/2005/dsa-823
DSA-825
http://www.debian.org/security/2005/dsa-825
FLSA:168326
http://www.securityfocus.com/archive/1/419774/100/0/threaded
SUSE-SR:2005:021
http://www.novell.com/linux/security/advisories/2005_21_sr.html
USN-184
http://www.ubuntu.com/usn/usn-184-1
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
oval:org.mitre.oval:def:10921
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921
utillinux-umount-gain-privileges(22241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22241

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55389
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:167 (util-linux)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to util-linux announced via advisory MDKSA-2005:167. David Watson disovered that the umount utility, when using the -r cpmmand, could remove some restrictive mount options such as nosuid. IF /etc/fstab contained user-mountable removable devices that specified nosuid, a local attacker could exploit this flaw to execute arbitrary programs with root privileges by calling umount -r on a removable device. The updated packages have been patched to ensure that -r can only be called by the root user. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:167 Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 14816 Common Vulnerability Exposure (CVE) ID: CVE-2005-2876 101960 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1 14816 http://www.securityfocus.com/bid/14816 16785 http://secunia.com/advisories/16785 16988 http://secunia.com/advisories/16988 17004 http://secunia.com/advisories/17004 17027 http://secunia.com/advisories/17027 17133 http://secunia.com/advisories/17133 17154 http://secunia.com/advisories/17154 18502 http://secunia.com/advisories/18502 19369 http://www.osvdb.org/19369 2005-0049 http://marc.info/?l=bugtraq&m=112690609622266&w=2 20050912 util-linux: unintentional grant of privileges by umount http://marc.info/?l=bugtraq&m=112656096125857&w=2 DSA-823 http://www.debian.org/security/2005/dsa-823 DSA-825 http://www.debian.org/security/2005/dsa-825 FLSA:168326 http://www.securityfocus.com/archive/1/419774/100/0/threaded SUSE-SR:2005:021 http://www.novell.com/linux/security/advisories/2005_21_sr.html USN-184 http://www.ubuntu.com/usn/usn-184-1 http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm oval:org.mitre.oval:def:10921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921 utillinux-umount-gain-privileges(22241) https://exchange.xforce.ibmcloud.com/vulnerabilities/22241
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com