195390 – sys-apps/util-linux < 2.12r-r8 Privilege Escalation Vulnerability (CVE-2007-5191)

Bug 195390 - sys-apps/util-linux < 2.12r-r8 Privilege Escalation Vulnerability (CVE-2007-5191)

Summary: sys-apps/util-linux < 2.12r-r8 Privilege Escalation Vulnerability (CVE-2007-5...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High critical (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/27145/
Whiteboard:	A1 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2007-10-10 16:12 UTC by Tobias Heinlein (RETIRED)
Modified:	2008-01-10 09:00 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Heinlein (RETIRED) gentoo-dev

2007-10-10 16:12:06 UTC

A vulnerability has been reported in util-linux, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused due to the mount and umount programs incorrectly checking the return values of the "setuid()" and "setgid()" functions when dropping privileges. This can potentially be exploited to perform certain actions with escalated privileges via e.g. the mount.nfs utility.

The vulnerability is reported in version 2.12r. Other versions may also be affected.

Solution:
Fixed in the util-linux-ng repository.
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev

2007-10-10 16:24:46 UTC

You already applied the patch in -r8 a few days ago, but I couldn't find an appropriate security bug for this issue.

Do you have plans to stabilise util-linux-2.12r-r8? Our latest stable version is vulnerable.

Comment 2 SpanKY gentoo-dev

2007-10-10 18:04:43 UTC

i dont have any plans for anything

whatever security team wants to push is up to them, 2.12r-r8 is fine

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-10-10 20:06:12 UTC

Arches pleases test and mark stable sys-apps/util-linux-2.12r-r8
target "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2007-10-10 23:06:28 UTC

x86 stable

Comment 5 Jeroen Roovers (RETIRED) gentoo-dev

2007-10-11 03:12:28 UTC

Stable for HPPA

Comment 6 Steve Dibb (RETIRED) gentoo-dev

2007-10-11 03:25:11 UTC

amd64 stable

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2007-10-11 03:30:40 UTC

Stable for SPARC.

Comment 8 Tom Gall (RETIRED) gentoo-dev

2007-10-11 05:15:26 UTC

stable on ppc64

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2007-10-11 16:21:36 UTC

alpha/ia64 stable

Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev

2007-10-12 15:14:10 UTC

ppc stable, ready for glsa

Comment 11 Robert Buchholz (RETIRED) gentoo-dev

2007-10-12 17:17:28 UTC

(In reply to comment #10)
> ppc stable, ready for glsa

request filed.

Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-10-18 21:53:42 UTC

GLSA 200710-18

Comment 13 Joshua Kinard gentoo-dev

2007-11-19 07:20:45 UTC

mips stable.