David Watson discovered that “umount -r” removed some restrictive mount options like the “nosuid” flag. If /etc/fstab contains user-mountable removable devices which specify the “nosuid” flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling “umount -r” on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu mounts removable devices automatically, there is normally no need to configure them manually in /etc/fstab.
19 September 2005
A security issue affects these releases of Ubuntu and its derivatives:
David Watson discovered that “umount -r” removed some restrictive mount options like the “nosuid” flag. If /etc/fstab contains user-mountable removable devices which specify the “nosuid” flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary programs with root privileges by calling “umount -r” on a removable device.
This does not affect the default Ubuntu configuration. Since Ubuntu mounts removable devices automatically, there is normally no need to configure them manually in /etc/fstab.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon