Note: This is an archival copy of Security Sun Alert 200522 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000399.1.
Article ID : 1000399.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-10-09
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability Involving the umount(8) Utility



Category
Security

Release Phase
Resolved

Product
Sun Java Desktop System Release 2

Bug Id
6331438

Date of Resolved Release
10-OCT-2005

Impact

The remount option (-r) of umount(8) may allow a local unprivileged user who has privileges to unmount a filesystem the ability to gain additional privileges, such as removing the "nosuid" flag from a filesystem.

This issue is described in the following document:


Contributing Factors

This issue can occur in the following releases:

Linux Platform

  • Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-10488)

Notes:

  1. Sun Java Desktop System (JDS) release 2003 is no longer under entitlement.
  2. The described issue only occurs with util-linux versions util-linux-2.11u-134 or earlier.

To determine if unprivileged local users have privileges to umount(8) a filesystem, check the "/etc/fstab" (see fstab(5)) file for the presence of the "user" mount option. For example:

    $ grep user /etc/fstab
    /dev/fd0  	/media/floppy  auto  rw,noauto,user,sync  0 0

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release
 Sun Java Desktop System, Release 2 -build 10b (GA)
 Assembled 30 March 2004

To determine the version of util-linux, the following command can be used:

    % rpm -qf  /bin/umount
 util-linux-2.11u-135

Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

Linux

  • Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-10488)

To download and install the updated RPMs from the update servers select the following from the menu:

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:














Attachments
This solution has no attachment