Mandrake Linux Security Advisory : util-linux (MDKSA-2005:167)
High Nessus Plugin ID 19922
Synopsis: The remote Mandrake Linux host is missing one or more security updates.
Description: David Watson discovered that the umount utility, when using the '-r' command, could remove some restrictive mount options such as 'nosuid'.
If /etc/fstab contained user-mountable removable devices that specified nosuid, a local attacker could exploit this flaw to execute arbitrary programs with root privileges by calling 'umount -r' on a removable device.
The updated packages have been patched to ensure that '-r' can only be called by the root user.
Solution: Update the affected losetup, mount and / or util-linux packages.
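To see which fstab entries match the condition in the description (user-mountable and carrying nosuid), the following audit helper can be run against a host's /etc/fstab. It is an added example, not part of the advisory or the plugin: the function name `fstab_nosuid_user_mounts` and the sample fstab are constructed for illustration, and it matches only an explicitly written nosuid together with the mount options user, users, owner or group.

```shell
#!/bin/sh
# Added example: list fstab entries that are user-mountable and carry an
# explicit nosuid, i.e. the entries the advisory's description refers to.
# Usage: fstab_nosuid_user_mounts /etc/fstab
fstab_nosuid_user_mounts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        NF < 4 { next }                 # skip malformed entries
        {
            n = split($4, opt, ",")     # field 4 holds the mount options
            user = 0; nosuid = 0
            for (i = 1; i <= n; i++) {
                # options that let a non-root user mount/unmount the device
                if (opt[i] == "user" || opt[i] == "users" ||
                    opt[i] == "owner" || opt[i] == "group") user = 1
                if (opt[i] == "nosuid") nosuid = 1
            }
            if (user && nosuid) print $1, $2   # device and mount point
        }
    ' "$1"
}

# Constructed sample fstab (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# device   mountpoint   type     options                        dump pass
/dev/hda1  /            ext3     defaults                       1 1
/dev/fd0   /mnt/floppy  auto     user,noauto,nosuid             0 0
/dev/hdc   /mnt/cdrom   iso9660  users,noauto,ro,nosuid,nodev   0 0
/dev/sda1  /mnt/usb     vfat     noauto,nosuid                  0 0
EOF

# Prints the floppy and cdrom entries; /mnt/usb is root-only, so it is skipped.
fstab_nosuid_user_mounts "$sample"
rm -f "$sample"
```

Any entry it prints on an unpatched host relies on a nosuid restriction that the described flaw could remove, so those hosts are the ones to update first.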