Note: This is an archival copy of Security Sun Alert 200522 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000399.1.
Article ID : 1000399.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-10-09
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability Involving the umount(8) Utility


Release Phase

Sun Java Desktop System Release 2

Bug Id

Date of Resolved Release


The remount option (-r) of umount(8) may allow a local unprivileged user who has privileges to unmount a filesystem the ability to gain additional privileges, such as removing the "nosuid" flag from a filesystem.

This issue is described in the following document:

Contributing Factors

This issue can occur in the following releases:

Linux Platform

  • Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-10488)


  1. Sun Java Desktop System (JDS) release 2003 is no longer under entitlement.
  2. The described issue only occurs with util-linux versions util-linux-2.11u-134 or earlier.

To determine if unprivileged local users have privileges to umount(8) a filesystem, check the "/etc/fstab" (see fstab(5)) file for the presence of the "user" mount option. For example:

    $ grep user /etc/fstab
    /dev/fd0  	/media/floppy  auto  rw,noauto,user,sync  0 0

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release
 Sun Java Desktop System, Release 2 -build 10b (GA)
 Assembled 30 March 2004

To determine the version of util-linux, the following command can be used:

    % rpm -qf  /bin/umount


There are no predictable symptoms that would indicate the described issue has been exploited.


There is no workaround. Please see the "Resolution" section below.


This issue is addressed in the following releases:


  • Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-10488)

To download and install the updated RPMs from the update servers select the following from the menu:

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:

This solution has no attachment