Your message dated Fri, 16 Sep 2005 07:17:40 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#328626: fixed in loop-aes-utils 2.12p-9
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Paul Szabo <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mount: umount -r drops nosuid flag
X-Mailer: reportbug 1.50
Date: Wed, 14 Sep 2005 06:22:00 +1000

Package: mount
Version: 2.11n-7
Severity: critical
File: /bin/umount
Tags: security
Justification: root security hole


Please see

  http://www.securityfocus.com/archive/1/410333

for details. Verified (that noexec flag is gone) as follows:

psz:~$ id
uid=1001(psz) gid=1001(amstaff) groups=1001(amstaff),24(cdrom),25(floppy)
psz:~$ grep cdrom /etc/fstab
/dev/cdrom      /cdrom          iso9660 ro,user,noauto          0       0
psz:~$ /bin/mount /cdrom
psz:~$ /bin/mount | grep cdrom
/dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev,user=psz)
psz:~$ /cdrom/ML3/ML_30_013_Linuxi.bin
bash: /cdrom/ML3/ML_30_013_Linuxi.bin: /bin/sh: bad interpreter: Permission denied
psz:~$ cd /cdrom
psz:/cdrom$ /bin/umount -r /cdrom
umount: /dev/cdrom busy - remounted read-only
psz:/cdrom$ cd
psz:~$ /bin/mount | grep cdrom
/dev/cdrom on /cdrom type iso9660 (ro)
psz:~$ /cdrom/ML3/ML_30_013_Linuxi.bin
Unpacking to /tmp/ML.tar...
[ctrl-C]
psz:~$ /bin/umount -r /cdrom
psz:~$ 


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pisa.maths.usyd.edu.au 2.4.27-smssvr1.6 #1 SMP Wed Aug 24 12:16:31 EST 2005 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages mount depends on:
ii  libc6                         2.2.5-11.8 GNU C Library: Shared libraries an
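
An added example, not part of the bug report or of the mount package: a check that compares each user-mountable fstab entry with the flags currently in force, which is the regression the transcript above shows after "umount -r". The function names and the two sample mounts lines are assumptions made for illustration; the fstab line is the one quoted in the report.

```python
# Added example (not from the report): find user-mountable filesystems whose
# live mount flags no longer carry the restrictions their fstab entry implies.
IMPLIES = {  # per mount(8); later options in the same entry may override
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
OVERRIDE = {"exec": "noexec", "suid": "nosuid", "dev": "nodev"}

def parse_table(text):
    """fstab and /proc/mounts share a layout: device, mountpoint, type, options."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            table[fields[1]] = fields[3].split(",")  # last entry wins
    return table

def expected_flags(options):
    """Restrictive flags an fstab option list requires, honouring option order."""
    required = set()
    for opt in options:
        required.update(IMPLIES.get(opt, ()))
        if opt in OVERRIDE:
            required.discard(OVERRIDE[opt])
        elif opt in OVERRIDE.values():
            required.add(opt)
    return required

def audit(fstab_text, mounts_text):
    """Return [(mountpoint, [missing flags])] for mounted user-mountable entries."""
    live = parse_table(mounts_text)
    findings = []
    for mountpoint, options in parse_table(fstab_text).items():
        if mountpoint in live and IMPLIES.keys() & set(options):
            missing = expected_flags(options) - set(live[mountpoint])
            if missing:
                findings.append((mountpoint, sorted(missing)))
    return findings

# The fstab line is the one quoted in the report; the two mounts lines are
# constructed to match the flags the report shows before and after "umount -r".
FSTAB = "/dev/cdrom      /cdrom          iso9660 ro,user,noauto          0       0\n"
MOUNTS_BEFORE = "/dev/cdrom /cdrom iso9660 ro,noexec,nosuid,nodev 0 0\n"
MOUNTS_AFTER = "/dev/cdrom /cdrom iso9660 ro 0 0\n"

if __name__ == "__main__":
    print(audit(FSTAB, MOUNTS_BEFORE))
    print(audit(FSTAB, MOUNTS_AFTER))
```

On a live system, pass the contents of /etc/fstab and /proc/mounts to audit(); any finding for a mount made through a "user" entry means the kernel flags have diverged from what mount(8) applied.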


---------------------------------------
From: Max Vozeler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#328626: fixed in loop-aes-utils 2.12p-9
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 16 Sep 2005 07:17:40 -0700

Source: loop-aes-utils
Source-Version: 2.12p-9

We believe that the bug you reported is fixed in the latest version of
loop-aes-utils, which is due to be installed in the Debian FTP archive:

loop-aes-utils_2.12p-9.diff.gz
  to pool/main/l/loop-aes-utils/loop-aes-utils_2.12p-9.diff.gz
loop-aes-utils_2.12p-9.dsc
  to pool/main/l/loop-aes-utils/loop-aes-utils_2.12p-9.dsc
loop-aes-utils_2.12p-9_i386.deb
  to pool/main/l/loop-aes-utils/loop-aes-utils_2.12p-9_i386.deb
mount-aes-udeb_2.12p-9_i386.udeb
  to pool/main/l/loop-aes-utils/mount-aes-udeb_2.12p-9_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Max Vozeler <[EMAIL PROTECTED]> (supplier of updated loop-aes-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 16 Sep 2005 14:55:18 +0200
Source: loop-aes-utils
Binary: loop-aes-utils mount-aes-udeb
Architecture: source i386
Version: 2.12p-9
Distribution: unstable
Urgency: high
Maintainer: Max Vozeler <[EMAIL PROTECTED]>
Changed-By: Max Vozeler <[EMAIL PROTECTED]>
Description: 
 loop-aes-utils - Tools for mounting and manipulating filesystems
 mount-aes-udeb - Mount utils for loop-AES (udeb)
Closes: 328626
Changes: 
 loop-aes-utils (2.12p-9) unstable; urgency=high
 .
   * [SECURITY] CAN-2005-2876. Applied patch from 2.12r-pre1 to
     fix a local privilege escalation vulnerability in umount -r.
     (Closes: #328626)
Files: 
 3ea11be1410ba14a6dafa4dd009bb1dc 643 admin optional loop-aes-utils_2.12p-9.dsc
 3474458bb9ec5a03401693857101ec1c 71977 admin optional loop-aes-utils_2.12p-9.diff.gz
 de304154806858bb84c5d63f27db9b0f 143060 admin optional loop-aes-utils_2.12p-9_i386.deb
 2f709404d6ec3f21768fd2f14abc122d 83938 debian-installer extra mount-aes-udeb_2.12p-9_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDKtHlnVvVEbfNotwRAu8iAKCMAXAKOe9pYmF6dF7CPyAiTOA6qgCguIq1
BPHaeLYnnCtXm1c43XDEwew=
=UDD/
-----END PGP SIGNATURE-----

