Bug 195390 - sys-apps/util-linux < 2.12r-r8 Privilege Escalation Vulnerability (CVE-2007-5191)
Bug#: 195390 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: critical Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: keytoaster@gentoo.org
Component: Vulnerabilities
URL:  http://secunia.com/advisories/27145/
Summary: sys-apps/util-linux < 2.12r-r8 Privilege Escalation Vulnerability (CVE-2007-5191)
Keywords:  
Status Whiteboard: A1 [glsa]
Opened: 2007-10-10 16:12 0000
Description:   Opened: 2007-10-10 16:12 0000 
A vulnerability has been reported in util-linux, which potentially can be
exploited by malicious, local users to perform certain actions with escalated
privileges.

The vulnerability is caused due to the mount and umount programs incorrectly
checking the return values of the "setuid()" and "setgid()" functions when
dropping privileges. This can potentially be exploited to perform certain
actions with escalated privileges via e.g. the mount.nfs utility.

The vulnerability is reported in version 2.12r. Other versions may also be
affected.

Solution:
Fixed in the util-linux-ng repository.
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e

------- Comment #1 From Tobias Heinlein 2007-10-10 16:24:46 0000 ------- 
You already applied the patch in -r8 a few days ago, but I couldn't find an
appropriate security bug for this issue.

Do you have plans to stabilise util-linux-2.12r-r8? Our latest stable version
is vulnerable.

------- Comment #2 From SpanKY 2007-10-10 18:04:43 0000 ------- 
i dont have any plans for anything

whatever security team wants to push is up to them, 2.12r-r8 is fine

------- Comment #3 From Pierre-Yves Rofes 2007-10-10 20:06:12 0000 ------- 
Arches pleases test and mark stable sys-apps/util-linux-2.12r-r8
target "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"

------- Comment #4 From Christian Faulhammer 2007-10-10 23:06:28 0000 ------- 
x86 stable

------- Comment #5 From Jeroen Roovers 2007-10-11 03:12:28 0000 ------- 
Stable for HPPA

------- Comment #6 From Steve Dibb 2007-10-11 03:25:11 0000 ------- 
amd64 stable

------- Comment #7 From Jeroen Roovers 2007-10-11 03:30:40 0000 ------- 
Stable for SPARC.

------- Comment #8 From Tom Gall 2007-10-11 05:15:26 0000 ------- 
stable on ppc64

------- Comment #9 From Raúl Porcel 2007-10-11 16:21:36 0000 ------- 
alpha/ia64 stable

------- Comment #10 From Tobias Scherbaum 2007-10-12 15:14:10 0000 ------- 
ppc stable, ready for glsa

------- Comment #11 From Robert Buchholz 2007-10-12 17:17:28 0000 ------- 
(In reply to comment #10)
> ppc stable, ready for glsa

request filed.

------- Comment #12 From Pierre-Yves Rofes 2007-10-18 21:53:42 0000 ------- 
GLSA 200710-18

------- Comment #13 From Joshua Kinard 2007-11-19 07:20:45 0000 ------- 
mips stable.