|
Note: This is an archival copy of Security Sun Alert 200522 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000399.1. |
Category Security Release Phase Resolved Sun Java Desktop System Release 2 Bug Id 6331438 Date of Resolved Release 10-OCT-2005 Impact The remount option (-r) of umount(8) may allow a local unprivileged user who has privileges to unmount a filesystem the ability to gain additional privileges, such as removing the "nosuid" flag from a filesystem. This issue is described in the following document: Contributing Factors This issue can occur in the following releases: Linux Platform
Notes:
To determine if unprivileged local users have privileges to umount(8) a filesystem, check the "/etc/fstab" (see fstab(5)) file for the presence of the "user" mount option. For example: $ grep user /etc/fstab /dev/fd0 /media/floppy auto rw,noauto,user,sync 0 0 To determine the release of JDS for Linux installed on a system, the following command can be used: % cat /etc/sun-release Sun Java Desktop System, Release 2 -build 10b (GA) Assembled 30 March 2004 To determine the version of util-linux, the following command can be used: % rpm -qf /bin/umount util-linux-2.11u-135 Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. Workaround There is no workaround. Please see the "Resolution" section below. Resolution This issue is addressed in the following releases: Linux
To download and install the updated RPMs from the update servers select the following from the menu: Launch >> Applications >> System Tools >> Online Update For more information on obtaining updates see:
Attachments This solution has no attachment | |||||||||||||||
|
|