Your message dated Wed, 21 Sep 2005 07:47:06 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#328141: fixed in util-linux 2.12p-8 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 13 Sep 2005 20:22:13 +0000
From: Paul Szabo <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mount: umount -r drops nosuid flag
Date: Wed, 14 Sep 2005 06:22:00 +1000

Package: mount
Version: 2.11n-7
Severity: critical
File: /bin/umount
Tags: security
Justification: root security hole

Please see http://www.securityfocus.com/archive/1/410333 for details.
Verified (that noexec flag is gone) as follows:

psz:~$ id
uid=1001(psz) gid=1001(amstaff) groups=1001(amstaff),24(cdrom),25(floppy)
psz:~$ grep cdrom /etc/fstab
/dev/cdrom /cdrom iso9660 ro,user,noauto 0 0
psz:~$ /bin/mount /cdrom
psz:~$ /bin/mount | grep cdrom
/dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev,user=psz)
psz:~$ /cdrom/ML3/ML_30_013_Linuxi.bin
bash: /cdrom/ML3/ML_30_013_Linuxi.bin: /bin/sh: bad interpreter: Permission denied
psz:~$ cd /cdrom
psz:/cdrom$ /bin/umount -r /cdrom
umount: /dev/cdrom busy - remounted read-only
psz:/cdrom$ cd
psz:~$ /bin/mount | grep cdrom
/dev/cdrom on /cdrom type iso9660 (ro)
psz:~$ /cdrom/ML3/ML_30_013_Linuxi.bin
Unpacking to /tmp/ML.tar...
[ctrl-C]
psz:~$ /bin/umount -r /cdrom
psz:~$

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pisa.maths.usyd.edu.au 2.4.27-smssvr1.6 #1 SMP Wed Aug 24 12:16:31 EST 2005 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages mount depends on:
ii libc6 2.2.5-11.8 GNU C Library: Shared libraries an

---------------------------------------
Received: (at 328141-close) by bugs.debian.org; 21 Sep 2005 14:48:16 +0000
From: LaMont Jones <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#328141: fixed in util-linux 2.12p-8
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 21 Sep 2005 07:47:06 -0700

Source: util-linux
Source-Version: 2.12p-8

We believe that the bug you reported is fixed in the latest version
of util-linux, which is due to be installed in the Debian FTP archive:

bsdutils_2.12p-8_i386.deb
  to pool/main/u/util-linux/bsdutils_2.12p-8_i386.deb
fdisk-udeb_2.12p-8_i386.udeb
  to pool/main/u/util-linux/fdisk-udeb_2.12p-8_i386.udeb
mount_2.12p-8_i386.deb
  to pool/main/u/util-linux/mount_2.12p-8_i386.deb
util-linux-locales_2.12p-8_all.deb
  to pool/main/u/util-linux/util-linux-locales_2.12p-8_all.deb
util-linux_2.12p-8.diff.gz
  to pool/main/u/util-linux/util-linux_2.12p-8.diff.gz
util-linux_2.12p-8.dsc
  to pool/main/u/util-linux/util-linux_2.12p-8.dsc
util-linux_2.12p-8_i386.deb
  to pool/main/u/util-linux/util-linux_2.12p-8_i386.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
LaMont Jones <[EMAIL PROTECTED]> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Sep 2005 08:36:17 -0600
Source: util-linux
Binary: util-linux fdisk-udeb util-linux-locales bsdutils mount
Architecture: all i386 source
Version: 2.12p-8
Distribution: unstable
Urgency: high
Maintainer: LaMont Jones <[EMAIL PROTECTED]>
Changed-By: LaMont Jones <[EMAIL PROTECTED]>
Description:
 bsdutils - Basic utilities from 4.4BSD-Lite
 fdisk-udeb - Partition a hard drive (manual, cfdisk)
 mount - Tools for mounting and manipulating filesystems
 util-linux - Miscellaneous system utilities
 util-linux-locales - Locales files for util-linux
Closes: 328141 329063
Changes:
 util-linux (2.12p-8) unstable; urgency=high
 .
   * if /etc/adjtime is a dangling symlink, don't use it in hwclock*.sh
   * Applied patch by Max Vozeler to fix a local privilege escalation
     vulnerability in umount -r [debian/patches/51security_CAN-2005-2876.dpatch]
     Closes: #328141, #329063
Files:
 05dc3e83e483b500a188941d4ec58ca0 700 base required util-linux_2.12p-8.dsc
 262121de89e4a4d5da64a9a3043978a9 66258 base required bsdutils_2.12p-8_i386.deb
 9ae6656ec71c88fd133b065491ab5079 76281 base required util-linux_2.12p-8.diff.gz
 a7c20de195c91631b873ee77745f66f2 140396 base required mount_2.12p-8_i386.deb
 d415a1a9db5caa576f2b674183aba292 369144 base required util-linux_2.12p-8_i386.deb
 f07516de7a286e0d396aa9dafa95fc3b 1072692 utils optional util-linux-locales_2.12p-8_all.deb
 f28485490ec5b6208c4850bdec4d2fc0 537254 debian-installer extra fdisk-udeb_2.12p-8_i386.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDMXGRzN/kmwoKyScRAsj5AJ0dhwzeGrFvt4qByplpRYb8Sq1QiwCdEvAy
QDMHhcsAA129GQwDOx8gJBQ=
=M26d
-----END PGP SIGNATURE-----
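
An added check, not part of the original report or of util-linux: it compares the restrictive flags that a user-mountable fstab entry implies against the options mount reports for the live filesystem, using the fstab line and the two mount outputs from the session in the report as input. The function and constant names are hypothetical.

```python
import re

# Restrictive flags that mount(8) documents as implied by each fstab option.
FULL = {"noexec", "nosuid", "nodev"}
IMPLIES = {"user": FULL, "users": FULL,
           "owner": {"nosuid", "nodev"}, "group": {"nosuid", "nodev"}}
# Explicit options that lift an implied restriction when listed later.
CANCELS = {"exec": "noexec", "suid": "nosuid", "dev": "nodev"}
MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)")

# Input copied from the session in the report above.
FSTAB = "/dev/cdrom /cdrom iso9660 ro,user,noauto 0 0\n"
MOUNT_BEFORE = "/dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev,user=psz)\n"
MOUNT_AFTER = "/dev/cdrom on /cdrom type iso9660 (ro)\n"

def required_flags(options):
    """Flags an fstab option list demands, or None if it is not user-mountable."""
    flags, user_mountable = set(), False
    for opt in options:  # options are applied left to right
        if opt in IMPLIES:
            user_mountable = True
            flags |= IMPLIES[opt]
        elif opt in CANCELS:
            flags.discard(CANCELS[opt])
        elif opt in CANCELS.values():
            flags.add(opt)
    return flags if user_mountable else None

def audit(fstab_text, mount_output):
    """Return [(mountpoint, missing_flags)] for live mounts weaker than fstab demands."""
    expected = {}
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()
        flags = required_flags(fields[3].split(",")) if len(fields) >= 4 else None
        if flags:
            expected[fields[1]] = flags
    findings = []
    for line in mount_output.splitlines():
        m = MOUNT_LINE.match(line)
        if m and m.group(2) in expected:
            live = {o.split("=", 1)[0] for o in m.group(4).split(",")}
            missing = sorted(expected[m.group(2)] - live)
            if missing:
                findings.append((m.group(2), missing))
    return findings

if __name__ == "__main__":
    print("after mount:    ", audit(FSTAB, MOUNT_BEFORE))
    print("after umount -r:", audit(FSTAB, MOUNT_AFTER))
```

On a live system, pass the contents of /etc/fstab and the output of mount in place of the embedded strings.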