Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
David Watson discovered that 'umount -r' removed some restrictive
mount options like the 'nosuid' flag. If /etc/fstab contains
user-mountable removable devices which specify the 'nosuid' flag
(which is common practice for such devices), a local attacker could
exploit this to execute arbitrary programs with root privileges by
calling 'umount -r' on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu
mounts removable devices automatically, there is normally no need to
configure them manually in /etc/fstab.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.2
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 20595 ()
CVE ID: CVE-2005-2876