==========================================================Ubuntu Security Notice USN-184-1 September 19, 2005
util-linux vulnerability CAN-2005-2876
A security issue affects the following Ubuntu releases:
The problem can be corrected by upgrading the affected package to
version 2.12-7ubuntu6.1 (for Ubuntu 4.10), or 2.12p-2ubuntu2.2 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.
David Watson discovered that "umount -r" removed some restrictive
mount options like the "nosuid" flag. If /etc/fstab contains
user-mountable removable devices which specify the "nosuid" flag
(which is common practice for such devices), a local attacker could
exploit this to execute arbitrary programs with root privileges by
calling "umount -r" on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu
mounts removable devices automatically, there is normally no need to
configure them manually in /etc/fstab.