Test ID: | 1.3.6.1.4.1.25623.1.0.55377 |
Category: | Slackware Local Security Checks |
Title: | Slackware: Security Advisory (SSA:2005-255-02) |
Summary: | The remote host is missing an update for the 'util-linux' package(s) announced via the SSA:2005-255-02 advisory. |
Description: |

Summary: The remote host is missing an update for the 'util-linux' package(s) announced via the SSA:2005-255-02 advisory.

Vulnerability Insight: New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges.

For more details, see David Watson's post to BugTraq: [link moved to references]

Here are the details from the Slackware 10.1 ChangeLog:

+--------------------------+
patches/packages/util-linux-2.12p-i486-2.tgz: Patched an issue with umount where if the umount failed when the '-r' option was used, the filesystem would be remounted read-only but without any extra flags specified in /etc/fstab. This could allow an ordinary user able to mount a floppy or CD (but with nosuid, noexec, nodev, etc in /etc/fstab) to run a setuid binary from removable media and gain root privileges. Reported to BugTraq by David Watson: [link moved to references] (* Security fix *)
+--------------------------+

Affected Software/OS: 'util-linux' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware current.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross Reference: |

Common Vulnerability Exposure (CVE) ID: CVE-2005-2876

101960 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
14816 http://www.securityfocus.com/bid/14816
16785 http://secunia.com/advisories/16785
16988 http://secunia.com/advisories/16988
17004 http://secunia.com/advisories/17004
17027 http://secunia.com/advisories/17027
17133 http://secunia.com/advisories/17133
17154 http://secunia.com/advisories/17154
18502 http://secunia.com/advisories/18502
19369 http://www.osvdb.org/19369
2005-0049 http://marc.info/?l=bugtraq&m=112690609622266&w=2
20050912 util-linux: unintentional grant of privileges by umount http://marc.info/?l=bugtraq&m=112656096125857&w=2
DSA-823 http://www.debian.org/security/2005/dsa-823
DSA-825 http://www.debian.org/security/2005/dsa-825
FLSA:168326 http://www.securityfocus.com/archive/1/419774/100/0/threaded
SUSE-SR:2005:021 http://www.novell.com/linux/security/advisories/2005_21_sr.html
USN-184 http://www.ubuntu.com/usn/usn-184-1
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
oval:org.mitre.oval:def:10921 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921
utillinux-umount-gain-privileges(22241) https://exchange.xforce.ibmcloud.com/vulnerabilities/22241
Copyright | Copyright (C) 2012 Greenbone AG |